Fixed #204 PHP error saving access token

Author: nfourtythree

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Release Notes for Shopify
 
+## Unreleased
+
+- Fixed a PHP error that could occur when authorizing the Shopify app. ([#204](https://github.com/craftcms/shopify/issues/204))
+
 ## 7.0.1 - 2026-03-20
 
 - Fixed a PHP error that could occur when retrieving products. ([#202](https://github.com/craftcms/shopify/issues/202))

src/models/Settings.php

@@ -262,9 +262,9 @@ public function getAccessToken(bool $parse = true): string
 
             $accessToken = $accessTokenRecord->accessToken;
 
-            // If an actual access token, and not a env var, has been stored we need to unencrypt it
+            // If an actual access token, and not an env var, has been stored we need to decrypt it
             if (!str_starts_with($accessToken, '$')) {
-                $accessToken = Craft::$app->getSecurity()->decryptByKey($accessToken);
+                $accessToken = StringHelper::decdec($accessToken);
             }
 
             $this->setAccessToken($accessToken);

src/services/Api.php

@@ -11,6 +11,7 @@
 use craft\base\Component;
 use craft\helpers\ArrayHelper;
 use craft\helpers\Json;
+use craft\helpers\StringHelper;
 use craft\log\MonologTarget;
 use craft\shopify\events\DefineGqlFieldsEvent;
 use craft\shopify\events\DefineGqlQueryArgumentsEvent;
@@ -658,14 +659,23 @@ public function getAccessToken(?string $code = null, ?string $shop = null, bool
             /** @var AccessToken $record */
             $record = AccessToken::find()->one() ?? new AccessToken();
 
-            $success = true;
-            try {
-                $configService->setDotEnvVar(self::API_ACCESS_TOKEN_ENV_VAR, $body['access_token']);
-            } catch (\Throwable $e) {
-                $success = false;
-                Craft::error('Couldn\'t save the Shopify Access Token in the .env file. ' . $e->getMessage(), __METHOD__);
+            // If there isn't a `.env` file, let's not try and save it there in case that is by design
+            $dotEnvPath = $configService->getDotEnvPath();
+            $hasDotEnv = $dotEnvPath !== '' && file_exists($dotEnvPath);
+
+            $isSavedToFile = true;
+            if (!$hasDotEnv) {
+                $isSavedToFile = false;
+            } else {
+                try {
+                    $configService->setDotEnvVar(self::API_ACCESS_TOKEN_ENV_VAR, $body['access_token']);
+                } catch (\Throwable $e) {
+                    $isSavedToFile = false;
+                    Craft::error('Couldn\'t save the Shopify Access Token in the .env file. ' . $e->getMessage(), __METHOD__);
+                }
             }
-            $record->accessToken = $success ? '$' . self::API_ACCESS_TOKEN_ENV_VAR : Craft::$app->getSecurity()->encryptByKey($body['access_token']);
+
+            $record->accessToken = $isSavedToFile ? '$' . self::API_ACCESS_TOKEN_ENV_VAR : StringHelper::encenc($body['access_token']);
 
             if (!$record->save()) {
                 // Get the first error message from the record, if available: