Shopify’s Customer Account API requires you to explicitly set Callback URIs. It’s very limited.
Firstly, I can’t add query parameters to the callback URI. I’d like to return the customer to the page they were trying to visit before they got unauthorized.
Any attempt to add query parameters to the redirect_uri throws an error:
redirect_uri mismatch
Secondly, PLEASE ADD WILDCARDS. Wildcard URLs will allow us to use our vercel links as valid callback URIs. Another use case, which we need, is to serve multiple applications under our subdomains without having to whitelist each one individually.
Shopify also doesn’t allow localhost … WTF ? How is allowing localhost a security concern ? I’m setting up ngrok and the having to redirect from my ngrok url back to localhost.
Jesus, what a hassle. Please put some more thought in to developer experience.
Let me know what you think , or if you know any work arounds i’m missing.