App submission got rejected due to "Use OAuth to ask for scope permissions immediately after merchants"

Solved
financio
New Member
6 0 0

Our app's submission got rejected many times; the changes we are required to make are stated as "Use OAuth to ask for scope permissions immediately after merchants add your app."

I am not sure what that means; it seems like my app already asks for OAuth, as in the video.

Any help is appreciated.

Thanks

 

0 Likes
policenauts
Trailblazer
162 7 26

This is a common problem - for the purposes of passing app submission, your app must trigger OAuth automatically (without any manual entry of the shop name) as if a merchant were clicking on "Add App" in the Shopify app store. The way to test that it's working is to install on your development store within your Partner dashboard using the "test on my development store" and then "install" link - this simulates the "Add App" button in the App Store. I would do this with multiple development stores to make sure it's dynamically changing for each store. 

After you get your app approved, it's fine to do it the way you are doing it. 

0 Likes
financio
New Member
6 0 0

Thanks for your response. I have tried, but why does it redirect to my app with the hmac value? How do I make it redirect to OAuth? Is there any setting I need to update?

 

0 Likes
policenauts
Trailblazer
162 7 26

This must be determined by your own app's logic when it receives a request. For example, when my app receives a request I check the shop origin against my database to confirm if I have a valid access token; if I do not, then I will redirect them to the OAuth permission URL.

0 Likes
financio
New Member
6 0 0

A bit confused: how do we match the shop with our user in the db if the Shopify shop's data is not there yet?

For example, if the user wants to connect with the clearwater-dev shop in Shopify, but our db doesn't have that data yet, how do we know which user will match the clearwater-dev shop?

0 Likes
policenauts
Trailblazer
162 7 26

This is an accepted solution.

Shopify will always append a 'shop' parameter to each url request coming from Shopify, so you can use query string parameters and grab it. And then in terms of checking against your db, the logic I have is:

  • Check if I have an access token - if not, route to OAuth
  • If there is an access token, check it is valid by actually making a request to the 'metafields' endpoint - if it is invalid, route to OAuth
  • Then check if I have an active charge ID on file for them - again if not, create a billing URL for them

Many make the mistake of only checking if they already have an access token in the db for that shop, but the correct move is to actually make a request to ensure validity.  

0 Likes
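The routing order from the accepted answer, sketched as an added example (not code from the thread or from Shopify): it reads `shop` from the query string, then decides between OAuth, billing, and the app. The hostname check and the `hmac` verification go beyond what the answer lists and are added here as assumptions, as are the credential values, scope, redirect URI, and the two injected check functions.

```python
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlencode

# Constructed placeholders, not real credentials or the poster's settings.
API_KEY = "example-api-key"
API_SECRET = "example-api-secret"
SCOPES = "read_products"
REDIRECT_URI = "https://app.example.com/auth/callback"

# Only accept hostnames of the form <store>.myshopify.com.
SHOP_RE = re.compile(r"[a-z0-9][a-z0-9-]*\.myshopify\.com")


def sign(params):
    """Hex HMAC-SHA256 of the sorted query parameters, excluding 'hmac'."""
    msg = "&".join(f"{k}={v}" for k, v in sorted(params.items()) if k != "hmac")
    return hmac.new(API_SECRET.encode(), msg.encode(), hashlib.sha256).hexdigest()


def route(params, tokens, token_is_valid, has_active_charge):
    """Return (action, detail) for one request; tokens maps shop -> token.

    token_is_valid and has_active_charge are callables doing the live checks.
    """
    shop = params.get("shop", "")
    if not SHOP_RE.fullmatch(shop):
        return ("reject", "bad shop")
    supplied = params.get("hmac", "")
    if not hmac.compare_digest(sign(params).encode(), supplied.encode()):
        return ("reject", "bad hmac")
    token = tokens.get(shop)
    # A stored token is not enough: it may have been revoked on uninstall.
    if token is None or not token_is_valid(shop, token):
        state = secrets.token_urlsafe(16)  # persist and compare in the callback
        query = urlencode({"client_id": API_KEY, "scope": SCOPES,
                           "redirect_uri": REDIRECT_URI, "state": state})
        return ("oauth", f"https://{shop}/admin/oauth/authorize?{query}")
    if not has_active_charge(shop):
        return ("billing", shop)
    return ("app", shop)

if __name__ == "__main__":
    req = {"shop": "clearwater-dev.myshopify.com", "timestamp": "1700000000"}
    req["hmac"] = sign(req)  # constructed request for a shop with no token yet
    print(route(req, {}, lambda s, t: True, lambda s: True))
```

In a real app `token_is_valid` would make the authenticated request the answer describes (for example to the metafields endpoint) and treat an unauthorized response as invalid.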
financio
New Member
6 0 0

How do you check the data if the user is not logged in to your application yet? In our app's case, we need the user to log in first so we can get data and do the checking.

0 Likes
policenauts
Trailblazer
162 7 26

I am talking about how you actually pass the app submission process. In real life, your users will actually just enter their shop name like you have it.

0 Likes
financio
New Member
6 0 0

Thanks @policenauts, the OAuth got passed after I resubmitted it, but it still got rejected with different changes required. I will need to check the changes required one by one.

0 Likes
financio
New Member
6 0 0

Hi @policenauts, is an unlisted Shopify app required to use the Billing API? My web app has a Premium subscription using another merchant for the payment.

0 Likes