/** * @param TokenInterface $token * @param UserProviderInterface $storeProvider * @param $providerKey * @return PreAuthenticatedToken */ public function authenticateToken(TokenInterface $token, UserProviderInterface $storeProvider, $providerKey) { $credentials = $token->getCredentials(); //verify the shopify signature if (!$this->signatureVerifier->isValid($credentials['hmac'], $credentials)) { throw new BadCredentialsException('Invalid signature'); } $store = $storeProvider->loadUserByUsername($credentials['shop']); //configure the API client to authenticate all outgoing requests with the shopify store's credentials $this->shopifyClient->setShopifyStore($store); return new PreAuthenticatedToken($store, $credentials, $providerKey, $store->getRoles()); }