I am developing a Shopify custom app using the Next.js App Router, along with the latest Shopify App Bridge CDN. For authentication, I am using Shopify’s official Node library, @shopify/shopify-api, and implementing the auth.begin and auth.callback methods.
My current flow is as follows:
-
On an initial install, I run the auth.begin → auth.callback flow to obtain the access token.
-
For subsequent visits, before calling auth.begin, I check whether an access token for the shop already exists in my database.
-
If a valid token is present, I redirect the user directly to my app’s frontend.
-
If no token is found, I initiate the authentication flow again.
-
I would like clarification on whether this approach is correct. Specifically:
-
Should the auth.begin and auth.callback methods only be used during the initial installation?
-
Or should they also be invoked for subsequent visits?
At present, my implementation does not pass Shopify’s automated error check, which requires the app to immediately redirect to the app UI after authentication. I want to confirm whether my flow is valid, or if I am missing something in the expected process.
