403 Forbidden Error On Redirect URL

Highlighted
Shopify Partner
5 0 0

Hi everyone,

 

I was hoping someone could provide some insight into the problem I was having. I'm building a public app that accesses the users google calendars. The first part of the process involves getting the users permission to access their calendars and involves a separate google sign in link like this:

 

Screen Shot 2020-06-02 at 5.02.56 PM.png

 

After the user has authorized access, the app should redirect back to the app's home page on the users store, but I'm getting a 403 error saying that the "Request Origin Could Not Be Verified".

 

The whitelisted redirection url in the app settings is: https://faq-app.ngrok.io/auth/callback

 

The redirect url I'm using on the google auth side is: https://faq-app.ngrok.io/auth/callback

 

(Both are the same) 

 

Any help would be greatly appreciated!

 

0 Likes
Highlighted
Shopify Staff
Shopify Staff
582 70 127

Hey @khouck18,

 

The error message "Request Origin Could Not Be Verified" usually pertains to checking the HMAC value on requests that originate from outside Shopify. We recommend having a mechanism in place for requests such as OAuth redirects or webhooks, which validates the HMAC value in the request header to ensure the request originated from Shopify. If you're using koa-shopify-auth I believe the function is called verifyRequest. Have a look for that and make sure the redirect back from Google doesn't use that function, or implement a different verification mechanism for that redirect. 

JB | Developer Support @ Shopify
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Click Accept as Solution 

0 Likes