This is a common problem - for the purposes of passing app submission, your app must trigger OAuth automatically (without any manual entry of the shop name) as if a merchant were clicking on "Add App" in the Shopify app store. The way to test that it's working is to install on your development store within your Partner dashboard using the "test on my development store" and then "install" link - this simulates the "Add App" button in the App Store. I would do this with multiple development stores to make sure it's dynamically changing for each store. 

After you get your app approved, it's fine to do it the way you are doing it. 

Thanks for your response. I have tried but why it redirect to my app with the hmac value? How to make it redirect to oauth? Is there any setting I need to update?

This must be determined by your own app's logic when it receives a request. For example, when my app receives a request I check the shop origin against my database to confirm if I have a valid access token; if I do not, then I will redirect them to the OAuth permission URL.

A bit confuse, how to match the shop with our user in db if the Shopify shop's data not there yet?

For example if the user want to connect with clearwater-dev shop in Shopify, but in our db don't have that data yet, how to know which user will match with clearwater-dev shop?

How do you check the data if the user not login in your application yet? In case for our app, we need the user to login first so we can get data and do the checking.

Thanks @policenauts the OAuth got passed after I resubmit it, but still got rejected with different changes required. I will need to check the changes required one by one.

Hi @policenauts , is the unlisted Shopify app required to use Billing API? My web app have Premium subscription using other merchant for the payment.