Add support to app authentication

Author: tiagocandido

README.md

@@ -37,6 +37,8 @@
     - [Shop Pay](#shop-pay)
     - [Customer Account API](#customer-account-api)
   - [Offsite Payments](#offsite-payments)
+  - [App Authentication](#app-authentication)
+    - [How to generate the JWT](#how-to-generate-the-jwt)
   - [Explore the sample apps](#explore-the-sample-apps)
   - [Contributing](#contributing)
   - [License](#license)
@@ -181,17 +183,14 @@ The SDK provides a way to customize the presented checkout experience via the `S
 By default, the SDK will match the user's device color appearance. This behavior can be customized via the `colorScheme` property:
 
 ```swift
-// [Default] Automatically toggle idiomatic light and dark themes based on device preference (`UITraitCollection`)
+// Automatic (matches device appearance)
 ShopifyCheckoutSheetKit.configuration.colorScheme = .automatic
 
-// Force idiomatic light color scheme
+// Force light mode
 ShopifyCheckoutSheetKit.configuration.colorScheme = .light
 
-// Force idiomatic dark color scheme
+// Force dark mode
 ShopifyCheckoutSheetKit.configuration.colorScheme = .dark
-
-// Force web theme, as rendered by a mobile browser
-ShopifyCheckoutSheetKit.configuration.colorScheme = .web
 ```
 
 ### `tintColor`
@@ -560,7 +559,78 @@ public func checkoutDidClickLink(url: URL) {
 }
 ```
 
----
+## App Authentication
+
+App Authentication allows your app to securely identify itself to Shopify Checkout Kit and access additional permissions or features granted by Shopify. If your integration requires App Authentication, you must generate a JWT (JSON Web Token) on your secure server and pass it to the SDK.
+
+### How to generate the JWT
+
+**Prerequisites:**
+1. Create a Shopify app in the [Shopify Partners Dashboard](https://partners.shopify.com/organizations) or CLI to obtain your `api_key` and `shared_secret`.
+2. Install the app on a merchant's shop to obtain an `access_token` via the OAuth flow.
+
+**Encrypt your access token:**
+- Use AES-128-CBC with your `shared_secret` to encrypt the `access_token`.
+- Derive encryption and signing keys from the SHA-256 hash of your `shared_secret`.
+- Base64 encode the result.
+
+<details>
+<summary>Pseudo-code (Ruby) for encrypting your access_token</summary>
+
+```ruby
+shared_secret = <your_shared_secret>
+access_token = <your_access_token>
+
+key_material = OpenSSL::Digest.new("sha256").digest(shared_secret)
+encryption_key = key_material[0,16]
+signature_key  = key_material[16,16]
+
+cipher = OpenSSL::Cipher.new("aes-128-cbc")
+cipher.encrypt
+cipher.key = encryption_key
+cipher.iv = iv = cipher.random_iv
+raw_encrypted_token = iv + cipher.update(access_token) + cipher.final
+
+signature = OpenSSL::HMAC.digest("sha256", signature_key, raw_encrypted_token)
+encrypted_access_token = Base64.urlsafe_encode64(raw_encrypted_token + signature)
+```
+</details>
+
+**Create the JWT payload:**
+
+```json
+{
+  "api_key": "<your_api_key>",
+  "access_token": "<your_encrypted_access_token>",
+  "iat": <epoch_seconds>,
+  "jti": "<unique_id>"
+}
+```
+
+**Sign the JWT:**
+
+```ruby
+require 'jwt'
+require 'securerandom'
+
+payload = {
+  api_key: '<your_api_key>',
+  access_token: '<your_encrypted_access_token>',
+  iat: Time.now.utc.to_i,
+  jti: SecureRandom.uuid
+}
+
+token = JWT.encode(payload, '<your_shared_secret>', 'HS256')
+```
+
+**Use the JWT in your iOS app:**
+
+```swift
+let checkoutOptions = CheckoutOptions(appAuthentication: .token("<JWT_TOKEN>"))
+ShopifyCheckoutSheetKit.present(checkout: checkoutURL, from: self, delegate: self, options: checkoutOptions)
+```
+
+> **Note:** The JWT should always be generated on a secure server, never on the device.
 
 ## Explore the sample apps
 

Samples/MobileBuyIntegration/MobileBuyIntegration/AppConfiguration.swift

@@ -37,6 +37,10 @@ public final class AppConfiguration: ObservableObject {
 
     // Displays the Checkout with ApplePay button
     @Published var applePayEnabled: Bool = true
+
+    /// Optional app authentication token for partner app identification
+    /// This should be generated on a secure server, not on the device
+    @Published var appAuthenticationToken: String?
 }
 
 public var appConfiguration = AppConfiguration() {

Samples/MobileBuyIntegration/MobileBuyIntegration/AppDelegate.swift

@@ -29,7 +29,7 @@ class AppDelegate: UIResponder, UIApplicationDelegate {
     func application(_: UIApplication, willFinishLaunchingWithOptions _: [UIApplication.LaunchOptionsKey: Any]? = nil) -> Bool {
         ShopifyCheckoutSheetKit.configure {
             /// Checkout color scheme setting
-            $0.colorScheme = .web
+            $0.colorScheme = .automatic
 
             /// Customize progress bar color
             $0.tintColor = ColorPalette.primaryColor

Samples/MobileBuyIntegration/MobileBuyIntegration/Localizable.xcstrings

@@ -18,6 +18,9 @@
     },
     "Adding..." : {
 
+    },
+    "App Authentication" : {
+
     },
     "Apple Pay not available" : {
 
@@ -36,6 +39,9 @@
     },
     "Clear logs" : {
 
+    },
+    "Enter a JWT token for app authentication. This token should be generated on a secure server, not on the device. Leave empty to disable app authentication." : {
+
     },
     "Events" : {
 
@@ -54,6 +60,9 @@
     },
     "Handle Product URLs" : {
 
+    },
+    "JWT Token" : {
+
     },
     "Loading products..." : {
 

Samples/MobileBuyIntegration/MobileBuyIntegration/ViewControllers/CheckoutController.swift

@@ -44,7 +44,14 @@ class CheckoutController: UIViewController {
 
     public func present(checkout url: URL) {
         if let rootViewController = window?.topMostViewController() {
-            ShopifyCheckoutSheetKit.present(checkout: url, from: rootViewController, delegate: self)
+            var options: CheckoutOptions?
+
+            // Configure app authentication if token is provided
+            if let token = appConfiguration.appAuthenticationToken, !token.isEmpty {
+                options = CheckoutOptions(appAuthentication: .token(token))
+            }
+
+            ShopifyCheckoutSheetKit.present(checkout: url, from: rootViewController, delegate: self, options: options)
             root = rootViewController
         }
     }

Samples/MobileBuyIntegration/MobileBuyIntegration/Views/SettingsView.swift

@@ -55,6 +55,18 @@ struct SettingsView: View {
                     Toggle("Show Checkout with ApplePay button", isOn: $config.applePayEnabled)
                 }
 
+                Section(header: Text("App Authentication")) {
+                    TextField("JWT Token", text: Binding(
+                        get: { config.appAuthenticationToken ?? "" },
+                        set: { config.appAuthenticationToken = $0.isEmpty ? nil : $0 }
+                    ))
+                    .textFieldStyle(RoundedBorderTextFieldStyle())
+
+                    Text("Enter a JWT token for app authentication. This token should be generated on a secure server, not on the device. Leave empty to disable app authentication.")
+                        .font(.caption)
+                        .foregroundColor(.secondary)
+                }
+
                 Section(header: Text("Theme")) {
                     ForEach(Configuration.ColorScheme.allCases, id: \.self) { scheme in
                         ColorSchemeView(scheme: scheme, isSelected: scheme == selectedColorScheme)
@@ -145,25 +157,27 @@ extension Configuration.ColorScheme {
             return "Dark"
         case .automatic:
             return "Automatic"
-        case .web:
-            return "Web"
         }
     }
 
     var tintColor: UIColor {
         switch self {
-        case .web:
-            return UIColor(red: 0.18, green: 0.16, blue: 0.22, alpha: 1.00)
-        default:
+        case .light:
+            return UIColor(red: 0.09, green: 0.45, blue: 0.69, alpha: 1.00)
+        case .dark:
+            return UIColor(red: 0.09, green: 0.45, blue: 0.69, alpha: 1.00)
+        case .automatic:
             return UIColor(red: 0.09, green: 0.45, blue: 0.69, alpha: 1.00)
         }
     }
 
     var backgroundColor: UIColor {
         switch self {
-        case .web:
-            return ColorPalette.backgroundColor
-        default:
+        case .light:
+            return .systemBackground
+        case .dark:
+            return .systemBackground
+        case .automatic:
             return .systemBackground
         }
     }