App approval issues - App must install succesfully

consignor
Visitor
2 0 1

Hello!

We've been struggling for some time to get our app approved but somehow we seem to get rejected and we're returned the same error:

1. App must install successfully.
Your app does not request installation on the shop immediately after clicking "add app". Apps must ask a shop for access when being installed on a shop for the first time, as well as when they are being reinstalled after having been removed. During install or reinstall we expected Oauth to be initiated at https://appstoretest5.myshopify.com/admin/oauth/request_grant but was redirected to https://XXX/shopify/install [i added XXX instead of our domain to prevent attacks]. Learn more about authentication in our developer documentation

Our workflow right now is the following:

1. Customer clicks add on the app and is redirected to the install page

2. The install endpoint detects that the customer doesn't exists in the database and redirects to admin/oauth/request_grant

3. The customer is prompted in shopify with the app details - access information, etc.

4. The customer clicks install and is redirected to the redirect_url (authorize endpoint) specified in request_grant parameters

5. We request the permanent access token via oauth/access_token and save it to the database

6. Customer is redirected to the install page where he is asked for his Consignor credentials. (Needed for API access)

Please help us with this issue.

Replies 13 (13)

consignor
Visitor
2 0 1

Did someone else encounter this issue ? Thanks.

benj1502nguyen
Visitor
2 0 0

I do too, still trying to figure out the problem. It seems like there wasn't an official solution provided by Shopify support, I looked everywhere but couldn't find one.

policenauts1
Trailblazer
174 13 39

Your install logic sounds a lot like mine and I'm preparing to submit my app, so that makes me nervous. But instead of admin/oauth/request_grant have you tried creating a the permissionUrl with the format below:

https://{shop}.myshopify.com/admin/oauth/authorize?client_id={api_key}&scope={scopes}&redirect_uri={redirect_uri}&state={nonce}&grant_options[]={access_mode}

 

policenauts1
Trailblazer
174 13 39

OK, I have more info on this after my app got rejected. I had been making a faulty assumption that when someone clicks "install" from the app page, then Shopify only appends the shop parameter i.e., myappname.myhosting.com?shop={shopOrigin} and I had built my install logic around that. However, they also append hmac and timestamp. 

 

So essentially, you need to make it so that when someone hits your app URL and those 3 parameters are appended, they will reach the OAuth page where you generate the permissionUrl. They simulate this if you try to install on your development store using the install link there. So if it works there, we should (hopefully) be good.  

vinaydev
New Member
5 0 0

Hello, 

Please help me, I am facing same issue again and again

 

Requirements that must be met before initial screening

  1. App must install successfully.
    Your app does not request installation on the shop immediately after clicking "add app". Apps must ask a shop for access when being installed on a shop for the first time, as well as when they are being reinstalled after having been removed. During install or reinstall we expected Oauth to be initiated at https://appstoretest5.myshopify.com/admin/oauth/request_grant but was redirected to https://app.glorifyapp.com/shareapi/api/shopify/. 



Note: My app install.php file code as below.

 

$shop="vinaytest"

$redirect_uri="abdd.php"



$install_url = "https://" . $shop . ".myshopify.com/admin/oauth/authorize?client_id=" . $api_key . "&scope=" . $scopes . "&redirect_uri=" . urlencode($redirect_uri);

 

Please help ASAP

 

policenauts1
Trailblazer
174 13 39

It looks like it's never reaching your install URL and instead directing straight to the app. What happens when you click on "test on development store" and then try to install on one of your development stores? From my experience, if you achieve successful OAuth flow there you will make it through this stage of review. 

Also, are you hard-coding your own store name as the shop URL? 

vinaydev
New Member
5 0 0

Hello !

 

Hope you are doing well.

 

Please check my workflow  video right now is the following.

 

https://www.awesomescreenshot.com/video/211082

It is working fine on development mode.

 

Please help ASAP 

 

 

policenauts1
Trailblazer
174 13 39

Your video link is broken.

vinaydev
New Member
5 0 0
policenauts1
Trailblazer
174 13 39

Please uninstall your app from that store and then go to partners.shopify.com, clicks Apps, then click on your app name, then click Test your app (select your development store) and then "Install." What happens when you do that? 

You also may get rejected for not implementing the Billing API. I suggest using the GraphQL instead of REST API version. 

vinaydev
New Member
5 0 0

Hi!

It is working fine when I text my app from partner account. 

 

I think it may issue as below line.

 

Could you  please check.

$shop="omernew"

$install_url = "https://" . $shop . ".myshopify.com/admin/oauth/authorize?client_id=" . $api_key . "&scope=" . $scopes . "&redirect_uri=" . urlencode($redirect_uri);

vinaydev
New Member
5 0 0

Hello !

I hope you have see my video in last message for workflow of app

I need to add popup for ask to store name on click install app. ?

 

Please check attached screen sort and guide me.image_2020_07_13T11_10_22_228Z.png

 

 

Please help ASAP

policenauts1
Trailblazer
174 13 39

This is not how you do it. You need to pick up shopOrigin dynamically (Shopify's guidance here is super thin, unless you're using one of their libraries).

This is how it has to work:

  • Let's say your app is hosted at glorifyapp.com/productshopify and this is where you point your Shopify app URL 
  • When a merchant comes to install your app from the public app store OR from the "install on your development store" link, Shopify will append shop, hmac and timestamp url parameters. So when someone clicks "install" they are routed to glorifyapp.com/productshopify?shop={shop}&hmac={hmac}&timestamp={timestamp}
  • In my case I'm using Javascript so I just do URLParams to get the shopOrigin to generate the dynamic permissionUrl 
  • In general, you need to write your own logic to determine if a user has already installed your app and has a valid accessToken and charge_id. If so, you can welcome them back to your app; if not, then you generate the permissionUrl so they can install your app. 

So as I stated, you need to follow the instructions in my previous message where you actually click "install" from the "test on your development store" and see what happens - this is the same way Shopify is testing your OAuth flow.