App redirect URL getting hit twice after installing it in development store

Tourist

When I install the App in my development store, I'm getting 2 hits on my redirection endpoint. This may very well be due to a bug in my code. But what's interesting is that the 2nd URL has some extra params attached to it. Here are the hits from my server's access log:

 

 

    [14/Aug/2020: 21:18:28] "GET /shopify/authenticate?code=e83946ff5d99a8c1a2b6c82e5c002752&hmac=8cffe8fe498af56f80e4f3e023ef099f9294c0b87a7af7c459169bad11ba69e0&shop=myshop.myshopify.com&state=state&timestamp=1597418264
    [14/Aug/2020: 21:18:32] "GET /shopify/authenticate?code=e83946ff5d99a8c1a2b6c82e5c002752&hmac=c232df299d063427fa89ea12ca52eb16e959af106733b136ae0c537d029686f3&locale=en&session=a04feab4048940d9436c19e39e70a1ad0098fcb3267f2c9feb4065b1573f0389&shop=myshop.myshopify.com&state=state&timestamp=1597418268

 

 

Notice, in the 2nd log, there is an extra session parameter.

I am getting a 400 on the 2nd hit as I am trying to generate an access token using the same code for the second time.

I am returning the following code as the result of the 1st hit 

 

    // App Bridge is loaded as a global by its script tag.
    var AppBridge = window['app-bridge'];
    var createApp = AppBridge.createApp;
    var actions = AppBridge.actions;
    var Redirect = actions.Redirect;

    // Both values are filled in by the server-side template.
    var apiKey = "{{$apiKey}}";
    var shopOrigin = "{{$shopOrigin}}";

    var app = createApp({
        apiKey: apiKey,
        shopOrigin: shopOrigin
    });

    // Redirect to the app's root path.
    app.dispatch(Redirect.toApp({ path: '/' }));

 

Did anyone face this scenario? What may cause it other than a bug in my code?

0 Likes
Shopify Partner

Depending on your setup, this is to be expected. The OAuth actually requires at minimum two calls to your app. Most apps handle both calls in the same file/endpoint, and the second of these tends to contain the `locale` and `session` variables you see in your second call. If you have control of your OAuth, the easiest thing to do is separate the calls. This looks like this in terms of flow:

The first call goes to your OAuth; you handle the data received, then call their myshopify.com URL of the second step of the OAuth. In this step you need to supply the next redirect. This one should point to a different redirect URL than the original call to start the install/OAuth. Then that location/endpoint would handle the last part of the OAuth handshake and, upon successful confirmation, return with a redirect to your actual app's location. Hope this helps, but if not, or you need further explanation of what I mean, just let me know and I will try to help you further.

0 Likes
Tourist

Hi @Martin_Caum 

I am using 2 separate links for my App and redirect URL.

/shopify is the App URL. Shopify hits this endpoint when "Add App" is clicked and I redirect to the <shop>.myshopify.com store's OAuth page.

/shopify/authenticate is the redirection or authentication URL. Shopify hits this endpoint with the authorization code after the merchant consents to the OAuth.

So, /shopify/authenticate should get hit once. It would be great to get s

0 Likes
Shopify Partner

That is interesting. You are correct then that it should only be getting hit once. Have you tried adding manual server-side logs? What I would do is, every step of the way, print out to a server-side log that this step is executing (with a timestamp and any relevant variables). This could help you determine how or why it is looping.

0 Likes
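
Following the logging suggestion in the last reply, this added example (not code from either poster) groups callback hits by shop and authorization code and reports which query parameters were added or changed on a repeat hit, which is the comparison made by eye in the question. The log lines are constructed, shortened stand-ins for the two hits quoted there, and the function names are hypothetical.

```javascript
// Constructed sample: same shape as the two access-log hits in the question,
// with the long code/hmac/session values replaced by short placeholders.
const SAMPLE_LOG = [
  '[14/Aug/2020: 21:18:28] "GET /shopify/authenticate?code=CODE1&hmac=HMAC_A&shop=myshop.myshopify.com&state=state&timestamp=1597418264',
  '[14/Aug/2020: 21:18:32] "GET /shopify/authenticate?code=CODE1&hmac=HMAC_B&locale=en&session=SESSION1&shop=myshop.myshopify.com&state=state&timestamp=1597418268',
];

// Parse one access-log line into { time, path, params }, or null if it does not match.
function parseHit(line) {
  const m = line.match(/^\[([^\]]+)\]\s+"GET\s+(\S+)/);
  if (!m) return null;
  // The base URL is a placeholder so that a path-only request line can be parsed.
  const url = new URL(m[2], 'https://app.invalid');
  return { time: m[1], path: url.pathname, params: new Map(url.searchParams) };
}

// Report every callback hit that reuses an authorization code already seen for that shop.
function findRepeatedCodes(lines) {
  const firstSeen = new Map(); // "shop|code" -> first hit carrying that code
  const report = [];
  for (const line of lines) {
    const hit = parseHit(line);
    if (!hit || !hit.params.has('code')) continue;
    const key = `${hit.params.get('shop')}|${hit.params.get('code')}`;
    const first = firstSeen.get(key);
    if (!first) { firstSeen.set(key, hit); continue; }
    const added = [];
    const changed = [];
    for (const [name, value] of hit.params) {
      if (!first.params.has(name)) added.push(name);
      else if (first.params.get(name) !== value) changed.push(name);
    }
    report.push({
      code: hit.params.get('code'),
      path: hit.path,
      firstAt: first.time,
      repeatAt: hit.time,
      added: added.sort(),     // parameters present only on the repeat hit
      changed: changed.sort(), // parameters whose value differs from the first hit
    });
  }
  return report;
}

console.log(JSON.stringify(findRepeatedCodes(SAMPLE_LOG), null, 2));
```

A repeat entry whose `changed` list contains `hmac` and `timestamp` shows the second request was signed separately from the first, so it is not the same request replayed byte for byte.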