[Headless / New Customer Accounts] 500 Internal Server Error on first login/registration (Webflow + Smootify). Sign-in with existing accounts works
Setup
- Headless New Customer Accounts (Customer Account API, Public client)
- Frontend: Webflow
- Library: Smootify
- Target domain: https://phots-projekt.webflow.io (spelled “phots” intentionally)
Smootify config (excerpt)
<script>
window.SmootifyUserOptions = {
"newCustomerAccountsPublicKey": "d9300340-efc6-412a-9a41-0b8db2c22681",
"newCustomerLoginRedirect": "https://phots-projekt.webflow.io",
/* other options … */
}
</script>
Customer Account API (Admin)
- Client type: Public
- Callback URI(s): https://phots-projekt.webflow.io
- JavaScript Origin(s): https://phots-projekt.webflow.io
- Logout URI: https://phots-projekt.webflow.io
- Scopes: openid email customer-account-api:full
- Public client ID = d9300340-efc6-412a-9a41-0b8db2c22681
Problem
- Sign-in with an existing customer works.
- First login (i.e., registration) always fails.
Flow when it fails:
- Click “Login/Register” on Webflow → Shopify auth starts.
- OTP code arrives via email.
- Submitting the code (POST to /authentication/<shop-id>/login) returns 500 Internal Server Error.
- Page shows: “Something went wrong. Internal error occurred while processing request.”
What I see in DevTools:
- redirect_uri in the authorize request is correct: https://phots-projekt.webflow.io
- Example requests (shortened):
  - GET /authentication/<id>/oauth/authorize?...&client_id=d9300340-efc6-412a-9a41-0b8db2c22681&redirect_uri=https%3A%2F%2Fphots-projekt.webflow.io&scope=openid+email+customer-account-api%3Afull&code_challenge_method=S256 …
  - POST /authentication/<id>/login with form data email=<new address>, code=<OTP>, h-captcha-response=<…>
- Response: HTTP 500 specifically on the /login step.
Example Request IDs from the error page:
- 6497d2ad-0702-45c8-ab7d-a779cab4ee0f-175825…
- 49dfab29-3f2e-460a-adf8-388433135f99-175825…
Already checked
- Callback URI, JS Origin, and Logout URI set exactly to https://phots-projekt.webflow.io (also tried /dashboard everywhere—same result).
- newCustomerLoginRedirect uses an absolute URL (not a relative path).
- Public client ID in my script matches the Admin value character-for-character.
- Removed *.myshopify.com from JS origins; only the Webflow domain remains.
- Tested in Incognito, third-party cookies allowed, multiple browsers/devices.
- Tried multiple brand-new email addresses to avoid any “conflicting user” issues.
- Also tested with both root and root + trailing slash whitelisted.
Expected
After entering the OTP, a new customer account is created and I’m redirected to https://phots-projekt.webflow.io (or /dashboard).
Actual
500 Internal Server Error on POST /authentication/<id>/login and the “Something went wrong…” page.
Questions for the community / Shopify
- Are there known causes for HTTP 500 specifically on the /authentication/<id>/login step of the New Customer Accounts (PKCE) flow when redirect_uri is correct?
- Can a conflicting user scenario trigger this 500 even when using a brand-new email? How can this be verified/resolved server-side?
- Besides Callback/Origin/Logout, are there any other whitelists or settings required for headless?
- Could h-captcha or cookie settings affect first-time login despite existing-user logins working?
- Could someone from Shopify check the issue using the Request ID(s) above and point me to the internal error?
Thanks in advance! I can attach full Network logs and screenshots if helpful.
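
A check of the kind listed under “Already checked”, as an added example that is not part of the original post: it compares an authorize URL captured in DevTools against the Admin values quoted above. The function name, the exact-match rule for redirect_uri and the sample URLs are assumptions; the code_challenge is the sample value from RFC 7636, Appendix B.

```javascript
// Added example: the values below mirror the Admin settings quoted in the post.
const registered = {
  clientId: "d9300340-efc6-412a-9a41-0b8db2c22681",
  callbackUris: ["https://phots-projekt.webflow.io"],
  scopes: ["openid", "email", "customer-account-api:full"],
};

// Hypothetical helper: returns a list of mismatches, empty when the request is consistent.
function checkAuthorizeRequest(rawUrl, cfg) {
  // Relative URLs copied from DevTools are resolved against a dummy base.
  const params = new URL(rawUrl, "https://placeholder.invalid").searchParams;
  const findings = [];

  if (params.get("client_id") !== cfg.clientId) {
    findings.push("client_id does not match the registered public client ID");
  }
  // Assumption: exact string comparison, so a trailing slash or path is a different URI.
  const redirect = params.get("redirect_uri");
  if (!cfg.callbackUris.includes(redirect)) {
    findings.push(`redirect_uri "${redirect}" is not a registered callback URI`);
  }
  // URLSearchParams decodes "+" to a space, so the scope list splits on whitespace.
  const requested = (params.get("scope") || "").split(/\s+/).filter(Boolean);
  for (const s of requested) {
    if (!cfg.scopes.includes(s)) findings.push(`scope "${s}" is not registered`);
  }
  if (!requested.includes("openid")) findings.push("scope is missing openid");

  // PKCE (RFC 7636): an S256 challenge is base64url(SHA-256(verifier)), 43 chars, unpadded.
  if (params.get("code_challenge_method") !== "S256") {
    findings.push("code_challenge_method is not S256");
  }
  if (!/^[A-Za-z0-9_-]{43}$/.test(params.get("code_challenge") || "")) {
    findings.push("code_challenge is missing or not a 43-character base64url value");
  }
  return findings;
}

// Constructed sample requests; the challenge is the RFC 7636 Appendix B sample value.
const challenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
const good = "/authentication/<id>/oauth/authorize?client_id=d9300340-efc6-412a-9a41-0b8db2c22681" +
  "&redirect_uri=https%3A%2F%2Fphots-projekt.webflow.io&scope=openid+email+customer-account-api%3Afull" +
  `&code_challenge=${challenge}&code_challenge_method=S256`;
const trailingSlash = good.replace("webflow.io&", "webflow.io%2F&");

console.log(checkAuthorizeRequest(good, registered));
console.log(checkAuthorizeRequest(trailingSlash, registered));
```

An empty result for the captured request means the client-side parameters agree with the registered configuration, which narrows a failure on the later /login step to something outside these values.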