App approval issues - App must install succesfully

Highlighted
New Member
2 0 0

Hello!

We've been struggling for some time to get our app approved but somehow we seem to get rejected and we're returned the same error:

1. App must install successfully.
Your app does not request installation on the shop immediately after clicking "add app". Apps must ask a shop for access when being installed on a shop for the first time, as well as when they are being reinstalled after having been removed. During install or reinstall we expected Oauth to be initiated at https://appstoretest5.myshopify.com/admin/oauth/request_grant but was redirected to https://XXX/shopify/install [i added XXX instead of our domain to prevent attacks]. Learn more about authentication in our developer documentation

Our workflow right now is the following:

1. Customer clicks add on the app and is redirected to the install page

2. The install endpoint detects that the customer doesn't exists in the database and redirects to admin/oauth/request_grant

3. The customer is prompted in shopify with the app details - access information, etc.

4. The customer clicks install and is redirected to the redirect_url (authorize endpoint) specified in request_grant parameters

5. We request the permanent access token via oauth/access_token and save it to the database

6. Customer is redirected to the install page where he is asked for his Consignor credentials. (Needed for API access)

Please help us with this issue.

0 Likes
Highlighted
New Member
2 0 0

Did someone else encounter this issue ? Thanks.

0 Likes
Highlighted
New Member
1 0 0

I do too, still trying to figure out the problem. It seems like there wasn't an official solution provided by Shopify support, I looked everywhere but couldn't find one.

0 Likes
Highlighted
Excursionist
64 5 9

Your install logic sounds a lot like mine and I'm preparing to submit my app, so that makes me nervous. But instead of admin/oauth/request_grant have you tried creating a the permissionUrl with the format below:

https://{shop}.myshopify.com/admin/oauth/authorize?client_id={api_key}&scope={scopes}&redirect_uri={redirect_uri}&state={nonce}&grant_options[]={access_mode}

 

0 Likes
Highlighted
Excursionist
64 5 9

OK, I have more info on this after my app got rejected. I had been making a faulty assumption that when someone clicks "install" from the app page, then Shopify only appends the shop parameter i.e., myappname.myhosting.com?shop={shopOrigin} and I had built my install logic around that. However, they also append hmac and timestamp. 

 

So essentially, you need to make it so that when someone hits your app URL and those 3 parameters are appended, they will reach the OAuth page where you generate the permissionUrl. They simulate this if you try to install on your development store using the install link there. So if it works there, we should (hopefully) be good.  

0 Likes