Hi team,
We’ve run into a truncation issue with the Shopify App authorization process when requesting a new authorization code for additional access scopes. When a user logs into our app, we determine if an update to their access scopes is required and, if so, redirect them to the Shopify authorization code flow.
If they are already logged into Shopify, then the user is presented with the page asking them to accept the scope changes, after which we handle the redirect back to us and get the new access token. However, if the user is not logged in to Shopify, they are asked to log in before continuing in the authorization flow.
This is where the issue is, as the request URL gets truncated after the login process. Depending on the length of the user’s store name, this can cut off the state param, redirect URI, more, or nothing if the name is short enough. This can result in our validation failing because the state is changed or the redirection failing as seen below. Hoping we can get some help with this, cheers.
E.g. Request URL before truncation:
After Truncation:
Here the redirect URI goes from https://uat-logistic-gateway-service.nti.com.au/shopify/app/auth-redirect to https://uat-logistic-gateway-service.nti.com.
Results in a failed redirection back to our side
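Added example, not part of the original post and not Shopify's or the poster's code: one way an app can issue a `state` value that fails closed when the authorization URL is shortened in transit, so a truncated callback is rejected rather than partially trusted. The client id, scope names, shop domain and key handling are assumptions; the redirect URI is the one quoted in the post.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Assumptions for illustration: a real app loads a persistent secret and
# also ties the nonce to the user's session to prevent replay.
STATE_KEY = secrets.token_bytes(32)
CLIENT_ID = "example-client-id"  # placeholder, not a real client id
REDIRECT_URI = "https://uat-logistic-gateway-service.nti.com.au/shopify/app/auth-redirect"


def _tag(shop, nonce):
    """HMAC that binds the nonce to the shop domain it was issued for."""
    msg = f"{shop}|{nonce}".encode()
    return hmac.new(STATE_KEY, msg, hashlib.sha256).hexdigest()


def make_state(shop):
    """Return 'nonce.tag'; any lost or changed character breaks the tag."""
    nonce = secrets.token_urlsafe(16)  # URL-safe alphabet, never contains '.'
    return f"{nonce}.{_tag(shop, nonce)}"


def build_authorize_url(shop, scopes):
    """Build the authorization-code request for the given shop domain."""
    query = urlencode({
        "client_id": CLIENT_ID,
        "scope": ",".join(scopes),
        "redirect_uri": REDIRECT_URI,
        "state": make_state(shop),
    })
    return f"https://{shop}/admin/oauth/authorize?{query}"


def state_is_valid(shop, state):
    """Fail closed: a missing, shortened or altered state never validates."""
    if not state or state.count(".") != 1:
        return False
    nonce, tag = state.split(".")
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    return hmac.compare_digest(tag.encode(), _tag(shop, nonce).encode())
```
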