Admin UI block extension app: link intermittently redirects to app home (admin OAuth) instead of calling embedded app route

Extensions
1

We’re seeing intermittent navigation issues with an Admin UI block extension that deep-links into our embedded app.

The extension renders a button like:

<Button
  variant="primary"
  href={`app:api/example-endpoint?resourceId=...`}
>
  Process
</Button>

This setup has been running in production for around six months without any issues, and the intermittent behaviour only started in the last 24 hours without any code changes on our side.

Clicking the button should navigate the merchant to our embedded app route, for example:

https://<our-app-domain>/api/example-endpoint?resourceId=...

In failing cases, instead of any request to that endpoint, Admin calls something like:

https://<shop>.myshopify.com/admin/shopify_web/oauth/authorize?...original_uri=/admin/apps/<our-app>

and returns the merchant to /admin/apps/ instead of continuing to our embedded app route, so our backend is never hit.

From our side the problem appears less about the ‘app:’ URL itself and more about how Admin re‑authentication is handled when the extension triggers that navigation.

Is this a known issue or change in how Admin handles re‑authentication for UI extensions, and is there any recommended workaround or best practice for deep‑linking into an embedded app route from a block extension?

1 Like
Admin Link extension broken, redirects to app homepage instead of specified route
Admin Link extension broken, redirects to app homepage instead of specified route
2

UPDATE: Issue may be related to user re-authentication. The redirect has no issue the first time after a user logs in. If they re-login every time, they don’t hit this re-authentication issue and are redirected correctly every time. But if they remained logged in it hits this re-authentication issue on the 2nd or 3rd time using the extension.

3

For further clarity, when the user first logs in and presses the button this is what the network tab shows:

Successful attempt
Successful attempt1068×519 113 KB

Screenshot 2026-01-13 at 7.53.28 PM
Screenshot 2026-01-13 at 7.53.28 PM1068×519 116 KB

Whereas the second time the user goes to use the extensions it tries to re-authenticate with a 302 response and goes to the homepage of the app. Screenshots attached.

Failed attempt
Failed attempt1068×460 106 KB

4

+1 We are having the same issue

5

I have similar issue, but for admin link extension : Admin Link extension broken, redirects to app homepage instead of specified route - #5 by soulchild

6

We’re investigating. Here’s a link to related issue:

7

Thanks Bill, we also determined if the linked route has no Shopify authentication, such as www.google.com, the redirect works every time. And removing authentication from the linked route such as:

{ session, cors } = await authenticate.admin(request));

does indeed resolve the issue, but arguably brings up a new issue of losing the benefits of authentication.

8

We’ve reproduced the bug, and we think we understand why it seems intermittent.

  • :bug: Bug is present when loading route of extension target directly by manually refreshing the browser
    • Order Details => App Link
  • :see_no_evil_monkey: Bug is absent when clicking link to navigate to route of extension target
    • Order Index => Order Details => App Link
9

A fix has been deployed. Please let us know if you continue seeing the issue.