Can OAuth be used in Private Apps?

New Member

Hi All,

We've started developing a Shopify App. Consulting the documentation, it seems that the Private App avenue is the way to go for us; however, the apparent lack of ability to use the OAuth flow for login is a big downside. Looking at already existing partners that provide similar functionality to what we are aiming to develop, we came across a seemingly Private App, to quote Shopify:

This appears to be a private app and has not been reviewed or approved by the Shopify App Store team.

However, the app in question most definitely uses OAuth as its authentication method. How is this possible, and how can we create the same flow?

Pathfinder

There's a difference between a Private App, and then a Custom App and a Public App. Do you need your app to be embedded within Admin or POS in any way? If so, then you don't want a Private App; you want the latter 2 options.

My understanding is that with a Private App you don't need or use OAuth because the merchant hands over their API key and secret to you, whereas with the latter 2 you use OAuth. However, you'll find the "custom install link" for your merchant simply doesn't work if you create a Custom App, so AFTER you generate that link and specify which merchant your app is for, you instead send them a manually created OAuth link:

https://{shop}.myshopify.com/admin/oauth/authorize?client_id={api_key}&scope={scopes}&redirect_uri={redirect_uri}&state={nonce}&grant_options[]={access_mode}
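
As an added example (not part of the original post, and not Shopify's own code): Python helpers that fill in the authorize URL template above with an unpredictable `state` nonce and check that nonce when the merchant is redirected back. The function names, the shop-name pattern, and the sample values are assumptions made for illustration.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed pattern: the shop subdomain may hold only letters, digits and
# hyphens, so the value cannot inject another host or path into the URL.
SHOP_RE = re.compile(r"[a-z0-9][a-z0-9-]*", re.IGNORECASE)


def build_authorize_url(shop, api_key, scopes, redirect_uri, access_mode=None):
    """Return (url, nonce); keep the nonce in the user's server-side session."""
    if not SHOP_RE.fullmatch(shop):
        raise ValueError("invalid shop name")
    nonce = secrets.token_urlsafe(32)  # fresh random value per install attempt
    params = [
        ("client_id", api_key),
        ("scope", ",".join(scopes)),
        ("redirect_uri", redirect_uri),
        ("state", nonce),
    ]
    if access_mode:
        params.append(("grant_options[]", access_mode))
    query = urlencode(params)  # percent-encodes every value
    return f"https://{shop}.myshopify.com/admin/oauth/authorize?{query}", nonce


def state_matches(callback_url, expected_nonce):
    """True only if the callback carries exactly one state equal to our nonce."""
    values = parse_qs(urlsplit(callback_url).query).get("state", [])
    if len(values) != 1 or not expected_nonce:
        return False
    # Constant-time comparison so the check does not leak the nonce.
    return hmac.compare_digest(values[0].encode(), expected_nonce.encode())


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real shop.
    url, nonce = build_authorize_url(
        "example-store", "API_KEY_PLACEHOLDER", ["read_products"],
        "https://app.example.test/callback", "per-user")
    print(url)
    print(state_matches(f"https://app.example.test/callback?code=x&state={nonce}", nonce))
```

Reject the callback before exchanging the `code` whenever `state_matches` returns false, and discard the stored nonce after one use.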

New Member

Our app doesn't really need to be embedded into the Admin Panel, so it is not a consideration. The only downside to the Private App option is the manual configuration the end user has to do; if we could use OAuth it would be perfect. We understand from the documentation why and how the Private App works; however, during research we have encountered seemingly Private Apps that work differently than the documentation describes, so we are looking for a way to do the same with regards to using OAuth.

Pathfinder

If this app is just for one merchant, then your best bet is just a Custom App. And I was wrong, the merchant install link does actually work, so you could send them the link which puts them through OAuth.
