App installation works, but fails to get an auth token

Solved
jasoncarousel
Excursionist
16 2 2

Hello,

We are a Shopify Plus Plan merchant that has created our own custom app. We created a partner account and a test store to test our custom app. We install the app by going through these steps:

  • Log into partner account
  • Click the "Apps" item in the left nav menu
  • Click on our custom app in the app list
  • Click on the "Test Your App" button
  • Click on "Install App" link for the test store
  • Click on the "Install App" button on the "You are about to install" screen

The result of these steps is that the app is successfully installed, however the app gets a 400 (Bad Request) error when trying to get the access token from Shopify. When we examine the server logs, it looks as though the 400 error is specifically a CORS error, where Shopify won't accept our post request for the auth token.

Our app actually functions in the test store without the auth token, but we know that we'll need the auth token for future functionality, so any help figuring out how our custom app server can successfully request it would be a great help.

In case it helps, this is the C# code that our server is using to make the auth token request:

 

 

using (var client = new WebClient())
{
  var payload = new
  {
    client_id = "our client id",
    client_secret = "our client secret",
    code = "code that Shopify install callback provided"
  };
  var uri = "https://ourteststore.myshopify.com/admin/oauth/access_token";
  client.Headers[HttpRequestHeader.ContentType] = "application/json";
  client.Headers[HttpRequestHeader.Accept] = "application/json";
  var response = client.UploadString(uri, JsonSerializer.Serialize(payload));
}

 

 

 

 

0 Likes
policenauts1
Trailblazer
173 13 32

What happens if you change the content-type from application/json to text/plain? 

Perhaps relevant: https://stackoverflow.com/questions/38998684/cant-send-a-post-request-when-the-content-type-is-set-t...

0 Likes
jasoncarousel
Excursionist
16 2 2

We get the same error sending content type text/plain.

0 Likes
policenauts1
Trailblazer
173 13 32

Stop me if you've already tried this, but first sending the request from Postman, confirming that works, and then copying the provided C# request code and trying it that way?

0 Likes
jasoncarousel
Excursionist
16 2 2

That's a good suggestion, but we can't get the Postman request to work either. We are getting the same 400 CORS error. Is there a guide for how to build the Postman request to the auth_token API correctly? We're using a POST request sending the JSON string as raw body content. Not sure if that's how it should be built in Postman or not.

0 Likes
policenauts1
Trailblazer
173 13 32

I just checked an old Postman request I'd set up from a long time ago for testing this and I believe you want to pass them as parameters using x-www-form-urlencoded

0 Likes
jasoncarousel
Excursionist
16 2 2

Thanks for the suggestion! So we set up Postman to make a POST request with three x-www-form-urlencoded keys: client_id, client_secret, and code. And we plugged the values we are sending in the request. Was there anything else your Postman request was doing, with authorization or headers? Because when we submit the request that way, we still get the 400 error.

0 Likes
policenauts1
Trailblazer
173 13 32

The last thing is to click on 'Cookies' and delete all cookies (this is a Shopify + Postman specific thing). Give that a try. 

0 Likes
jasoncarousel
Excursionist
16 2 2

Same result, unfortunately. Our Plus Plan launch engineer wants us to try building our test store a different way, so we'll give that a shot.

Thanks for your help though!

0 Likes
policenauts1
Trailblazer
173 13 32

Sorry to hear no dice, good luck!

0 Likes