Shopify app review being paused because "Must authenticate immediately after install"

Flow:

  1. User goes to fastn (fastn - Compose anything. Connect everything.)
  2. User sees Shopify and clicks the activate button.
  3. User enters the store name.
  4. User is prompted to authenticate.

For authentication - we use this:

https://{store_name_that_user_entered}.myshopify.com/admin/oauth/authorize?client_id={client_id}&scope={scopes}&redirect_uri={redirect_uri}

  1. User will see the Shopify consent screen (with the permissions requested).
  2. Activation (OAuth 2.0 authentication) is complete and the user obtains the access token.
  3. User can call the Shopify APIs and build workflows within fastn.

To reiterate,

  1. Users don’t need to see an app UI in their Shopify admin portal.
  2. Users don’t need to install the app directly from the app store.

Users can go to fastn, perform the OAuth 2.0 flow, and get the fastn app installed.

We have registered a public app in the partners dashboard. But the app review is getting paused because of this: “Must authenticate immediately after install”

Can someone please help us understand what we are doing wrong and how we can fix it so the review goes through?
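
Added example, not part of the original post and not fastn's code: the authorization URL above places the entered store name in the URL's host, so this Python example validates that value before building the URL and adds a `state` value that is checked on the callback. The function names, the `app.example` redirect URI and the sample values are assumptions; the `state` parameter and the `shop` callback parameter belong to Shopify's authorization code flow but do not appear in the post.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# A shop handle is letters, digits and hyphens and does not start with a hyphen.
# Anything else (dots, slashes, '@', '#') could change the host of the final URL.
_SHOP_HANDLE = re.compile(r"[a-z0-9][a-z0-9-]*")
_SUFFIX = ".myshopify.com"


def normalize_shop(shop_input: str) -> str:
    """Return '<handle>.myshopify.com' or raise ValueError (hypothetical helper)."""
    s = shop_input.strip().lower()
    if s.endswith(_SUFFIX):
        s = s[: -len(_SUFFIX)]
    if not _SHOP_HANDLE.fullmatch(s):
        raise ValueError(f"not a valid shop handle: {shop_input!r}")
    return s + _SUFFIX


def build_authorize_url(shop_input, client_id, scopes, redirect_uri):
    """Return (url, state); the caller stores state and shop in the session."""
    shop = normalize_shop(shop_input)
    state = secrets.token_urlsafe(32)  # per-request nonce against CSRF
    query = urlencode({
        "client_id": client_id,
        "scope": ",".join(scopes),
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"https://{shop}/admin/oauth/authorize?{query}", state


def check_callback(callback_url, expected_state, expected_shop):
    """True only if the callback carries the state and shop this session sent.

    Shopify's HMAC check on the callback is a separate step, not shown here.
    """
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    shop = params.get("shop", [""])[0]
    same_state = hmac.compare_digest(state.encode(), expected_state.encode())
    return same_state and shop == expected_shop
```
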

Hello there! I would suggest you reach out to Partner Support to get answers specific to your app. They should be able to dig into the app review.

Per the app requirement documentation (section 2.C.2):
Your app must not request the manual entry of a myshopify.com URL or a shop's domain during the installation or configuration flow.

I’m not an expert on this topic, but from my understanding you would need to OAuth the user into their Shopify account first, and then you should be able to install the app to the specific shop the user is authed into, without explicitly collecting the domain from them.

Hmmm, interesting. How would I OAuth the user if they don’t enter the store name? I thought entering the store name is necessary to do the OAuth 2.0 flow.
(Apologies for my lack of knowledge 🙂)

Also, I believe the app installation happens automatically when the user does the OAuth 2.0 flow; please correct me if I am wrong.