Manual exemption for legacy auth flow

Authentication & Access
1

Subject: Manual exemption for legacy auth flow

Hi Shopify Support,

Our app is non-embedded and uses the classic Authorization Code Grant flow:

  1. Shopify → /auth (302)

  2. /auth → Shopify OAuth authorize (303)

  3. Authorize → /auth/callback (302)

  4. /auth/callback → our app homepage (200)

Technically this works fine, but the automatic check keeps failing on these two items:

  • Verify identity immediately after installation

  • Redirect to app UI immediately after verification

The error says:

During automatic check your app did not start install-time identity verification and returned an unexpected URL.
Expected: https://admin.shopify.com/store/uvszh1-m5/app/grant
Actual: https://a32333127.ngrok-free.app/auth?hmac=...&host=...&shop=...&timestamp=...

Question:
Since I must hit /auth first to obtain the Shopify OAuth authorize URL, why is this step being flagged?
What should I change (or document) to pass the check?
Any help appreciated—thanks!

2

Hi,

After the merchant approves the OAuth grant, I believe you’ll need to redirect to the Shopify /grant URL, not your /auth endpoint.

3

But only by going through /auth first can we generate the Shopify OAuth authorization URL with the required permission scopes. Then the Shopify OAuth authorization page displays the /grant page. If we don’t go through the /auth endpoint, how would the system know what permissions the app needs to request? For example, permissions for products, customer data, etc.

4

我想点击安装完成之后跳转到我的应用的首页

我的auth.callback.tsx代码是这样写的

import type { LoaderFunctionArgs } from “@remix-run/node”;
import { redirect } from “@remix-run/node”;
import { authenticate } from “../shopify.server”;

export const loader = async ({ request }: LoaderFunctionArgs) => {
console.log(“=== AUTH CALLBACK STARTED ===”);

try {
const { session } = await authenticate.admin(request);
console.log(“OAuth callback successful for shop:”, session.shop);

// 认证成功,重定向到应用主页
return redirect(“/app”);
} catch (error) {
console.log(“OAuth callback failed:”, error);
// 认证失败,重定向到错误页面或登录页面
return redirect(“/auth/login”);
}
};

我调试打印出来的日志是这样的
=== AUTH CALLBACK STARTED ===
OAuth callback failed: Response {
status: 302,
statusText: ‘’,
headers: Headers {
Location: ‘https://admin.shopify.com/store/fastprint-tst-store/apps/0110a09af82ac3549a6cec8a60d5f1f8
},
body: null,
bodyUsed: false,
ok: false,
redirected: false,
type: ‘default’,
url: ‘’
}

我的代码用的是你们shopify推荐的 https://github.com/Shopify/shopify-app-template-remix
请问我该如何修改,才能达到我想要的效果

Liam Griffin via Shopify Developer Community Forumsnotifications@shopifycommunity.discoursemail.com 在 2025年9月23日 周二 18:09 写道:

| Liam-Shopify Shopify Staff
September 23 |

  • | - |

Hi,

After the merchant approves the OAuth grant, I believe you’ll need to redirect to the Shopify /grant URL, not your /auth endpoint.