OAuth process without Shop Url

Hi, I am currently developing a SaaS application which uses data from Shopify. For this I want to start the OAuth process from my website.

I implemented a workflow that asks for the shop URL before starting the OAuth process, but I got rejected in the Shopify App Store review because I asked for the shop URL.
How do I start the OAuth flow without asking for the shop URL?

I found that I can start the OAuth flow via admin.shopify.com/admin/oauth/authorize, but that way I get redirected directly to my last used shop and can’t select a shop.

I thought about directing the user to the appropriate app store page, but it seems the page is only available once the review is finished, so I can’t use this for the review.

So should I authorize via admin.shopify.com/admin/oauth/authorize, or is there a better URL for starting the OAuth process?

Hi @Kevin_Giesubel

If this is a hard requirement of your app, it likely won’t be possible to use the Shopify App Store for distribution. When a merchant clicks the “Install” button on the app store, Shopify automatically knows which shop is installing and redirects the user to your app’s OAuth endpoint with the correct shop parameter. You should not present your own form to collect the shop URL.

The admin.shopify.com/admin/oauth/authorize URL is intended for internal Shopify use and will redirect to the last used shop, which is not suitable for public app installations. Merchants should always start the install from the App Store listing link.

Hi @Liam-Shopify

Can you tell me where I can find the Shopify App Store link?

If I cannot start the OAuth process, I would at least like to redirect the user to the page where they can start it.

My app is currently in the Shopify App Store review. As far as I understood, I only get the App Store link after the review, but need to refer to it to get through the review.

The app store link is generated during the install process - the flow would be:

  • Your app should expect a GET request to your app’s “App URL” with the shop parameter (and others like hmac, timestamp, etc.).
  • You should verify the request, then redirect to the OAuth grant screen at https://{shop}.myshopify.com/admin/oauth/authorize?... with the required parameters (client_id, scope, redirect_uri, state, etc.).
  • After the merchant approves, Shopify redirects back to your app with an authorization code, which you exchange for an access token.

Sorry, I think we misunderstand each other. With “App Store Link” I didn’t mean the link for OAuth. I meant the link to the Shopify App Store (apps.shopify.com). Since my app will be unlisted, I need to get the users to a page where they can start the OAuth process. If the user has to start the OAuth process via the Shopify App Store, can you tell me where I can find the URL to the listing? Or how else should I get the user to install the app while they are using my application?

Even if your app is unlisted, it will still be reviewed by the app review team and it will still need to use the install flow that starts with the install button on the app listing page. Even with unlisted apps you can’t direct a merchant to a different surface to install your app.

It sounds like this app should be a custom app, which will allow you to share install links that merchants can use to install the app: Select a distribution method

So just to confirm my understanding:

Since the app is still in review, there is currently no App Store listing page, so the only way to install is through the Developer Dashboard on a dev store. The review team can install and test the app using their own tools.

Once the app is approved, the App Store listing page will exist, and merchants must start the install there — meaning we should remove the OAuth install button from our website and instead direct merchants to the App Store listing page.

Is that correct?

Thank you.

Can you give us a confirmation when you can. This is important for us to move forward. We just need to know if our understanding is correct or wrong. Thank you.

Hi @Kevin_Giesubel - the flow you’ve described above is correct.