Public App install and oauth flow

Hi guys,

I’m developing a feature which will let the user integrate their store with our application.
Our tech stack is .NET for the backend and React for the frontend.
The install flow is:

  1. The user logs in to our website
  2. The user clicks the "connect to store" button in the frontend
  3. Here we redirect the user to the Shopify App install link, and the user logs in to their Shopify account and selects the store they want to connect
  4. Then Shopify redirects to the Partner App URL, which is the endpoint /start in our backend
  5. Here we form the OAuth URL with the selected shop and redirect the user to the OAuth flow
  6. After the user authorizes and installs the app, it redirects back to the endpoint /callback in the backend
  7. Here we exchange the code for a token and complete the install process.

My app is a Public App and not embedded. When I try to submit the app for review, it fails at the step "Immediately authenticates after install".
The error shows:
Expected HTTP Response: 200
Actual HTTP Response: 403 from https://xbbf0y-vp.myshopify.com/admin/oauth/redirect_to_install?app_store_s=xxx&app_store_y=uuu&client_id=zzz&

Does anyone have an idea what the issue would be here? And if it is on our end, how should we fix it?
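
The /start and /callback checks for the flow in the post above, as an added C# example that is not from the thread or from Shopify: it validates the shop hostname and Shopify's `hmac` query parameter before redirecting, and binds the callback to a state nonce. The class and method names are hypothetical, and it assumes the query dictionary holds the values as received and that the nonce is kept in the user's session.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;

public static class ShopifyOAuthChecks // hypothetical helper, not Shopify's or the poster's code
{
    // Only a *.myshopify.com host may become a redirect target (\z: no trailing newline).
    static readonly Regex ShopHost = new Regex(@"\A[a-z0-9][a-z0-9\-]*\.myshopify\.com\z", RegexOptions.IgnoreCase);

    public static bool IsValidShop(string shop) => shop != null && ShopHost.IsMatch(shop);

    // Drop "hmac", sort the remaining pairs by key, join as k=v with '&', then
    // HMAC-SHA256 with the client secret. Assumes values as received in the query string.
    public static bool VerifyHmac(IDictionary<string, string> query, string clientSecret)
    {
        if (!query.TryGetValue("hmac", out var sent) || sent == null) return false;
        var message = string.Join("&", query.Where(p => p.Key != "hmac")
            .OrderBy(p => p.Key, StringComparer.Ordinal).Select(p => $"{p.Key}={p.Value}"));
        using var mac = new HMACSHA256(Encoding.UTF8.GetBytes(clientSecret));
        var expected = Convert.ToHexString(mac.ComputeHash(Encoding.UTF8.GetBytes(message)));
        return CryptographicOperations.FixedTimeEquals(   // constant-time comparison
            Encoding.ASCII.GetBytes(expected.ToLowerInvariant()),
            Encoding.ASCII.GetBytes(sent.ToLowerInvariant()));
    }

    // /start: returns the authorize URL, or null when the request must be rejected.
    public static string BuildAuthorizeUrl(IDictionary<string, string> query, string clientId,
        string clientSecret, string scopes, string redirectUri, out string state)
    {
        state = null;
        if (!query.TryGetValue("shop", out var shop) || !IsValidShop(shop)) return null;
        if (!VerifyHmac(query, clientSecret)) return null;
        state = Convert.ToHexString(RandomNumberGenerator.GetBytes(16)); // keep in the session
        return $"https://{shop}/admin/oauth/authorize?client_id={Uri.EscapeDataString(clientId)}"
            + $"&scope={Uri.EscapeDataString(scopes)}"
            + $"&redirect_uri={Uri.EscapeDataString(redirectUri)}&state={state}";
    }

    // /callback: check shop, hmac and the state issued at /start before exchanging the code.
    public static bool IsValidCallback(IDictionary<string, string> query, string clientSecret,
        string expectedState) =>
        query.TryGetValue("shop", out var shop) && IsValidShop(shop)
        && VerifyHmac(query, clientSecret) && expectedState != null
        && query.TryGetValue("state", out var s) && s == expectedState;
}
```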

Are you using Shopify managed installs? Or if using legacy auth flow have you configured this in the toml?

Hi Jordan,
My app is not embedded so I’m not using Shopify managed installs and I haven’t touched anything related to toml.
I created the public app in the UI and am using the authorization code grant flow.

In the configuration of your app in the dashboard, have you ticked that it is not embedded?

All embedded apps (the default) now have to use managed installs, and so this might be what’s blocking your request, as that’s the default behaviour.

Yes, I have selected the option Not Embed

Thank you for confirming!
I don’t think your install link is in the correct format. Where have you got that from? :thinking:

Do you mean this link: “/oauth/redirect_to_install”?
I have nothing to do with that link; it is the error detail from the checking process.

Sorry, you said you generate a link to push the user to install your app. I’d just like to check what that URL is.

As my app is not Unlisted, I get the link here for the development process.
The link has this format: https://partners.shopify.com/xxxxxx/apps/xxxxxxxxx/test

But I think this is irrelevant because it is just the point for the user to select a store. The install process begins when the browser redirects to the App URL with the shop in the query string. And at this point we start the OAuth flow immediately.

Thank you for the information.
I just wanted to check that it wasn’t something you were constructing.
The link in your first post doesn’t have a “signature” query string parameter that I would have expected, so I just wanted to check that and the settings, as lots of people have had similar issues with managed installs being the default.

Are all the URLs you are trying to redirect to, for all the steps in the OAuth flow in your app, listed in your app’s configuration for redirect URLs?

Thank you. The URL actually has the “signature” parameter. I just truncated it so the message wouldn’t be too long.
All the URLs and the OAuth flow are set up correctly. I have tested it with my dev store and it connects successfully.
Btw, the error detail says it got a 403 HTTP code while it should be 200 from the URL: https://xbbf0y-vp.myshopify.com/admin/oauth/redirect_to_install?
Do you know what the reason for this 403 error code is?

Yeah I’m wondering if there’s something in your settings blocking it.
The sections I’d check: that Allowed redirection URL(s) is fully correct, and that your distribution method isn’t limited to install on only one store.

I’d also try it on another development store to see if it works there or if it’s just that one store.