// the find
Shopify/shopify_app
A Rails Engine for building Shopify Apps
A Rails Engine that scaffolds Shopify embedded app boilerplate: OAuth, session management, webhook handlers, and the new token exchange flow. Aimed squarely at Rails developers who want to skip the Shopify auth plumbing and get to their app logic. Useless outside the Shopify ecosystem.
The token exchange strategy is the right move — eliminates the OAuth redirect dance inside the embedded admin iframe, which was always awkward. Generator coverage is solid: shop model, user model, webhooks, privacy jobs, and app proxy controller all scaffold cleanly without requiring hand-wiring. Session storage is properly abstracted behind a repository pattern, so you can swap in-memory for ActiveRecord without touching auth logic. Localization support covers 20 languages out of the box, which saves real work for apps targeting non-English merchants.
Still Rails-only — if you're building a Shopify app on anything else, this doesn't exist for you. The dual install flows (legacy auth code grant vs. new token exchange) mean the docs and configuration surface are split; new developers regularly enable the wrong one and hit confusing redirect loops. The generated session storage code expects you to implement the right ActiveRecord mixins yourself, and getting user-scoped vs. shop-scoped tokens wrong silently fails at runtime rather than blowing up at boot. JavaScript dependencies (webpack, babel, yarn) linger in the repo alongside importmap support, reflecting years of Rails frontend strategy pivots that never got fully cleaned up.