We are submitting a new app but has some trouble with the app review team.
He demanded that "if you chose for the app UI to appear as embedded. The login must also be embedded and vice versa. You will only need to make sure, both login and the UI must be consistent." based on the requirement https://shopify.dev/concepts/app-store/getting-your-app-approved/app-requirements#a-embedding-into-t...
"If your app uses embedded app methods, then it must do so consistently. This means that it must provide a consistent embedded user interface experience that **begins after authentication**."
note: "begins after authentication" is highlighted by me because I think it means the app should be embedded after initial oauth redirect.
We are doing OAuth and the breaking iframe is required and unavoidable then.
According to the dev doc, https://shopify.dev/tools/app-bridge/getting-started#authenticate-with-oauth
"Since embedded applications are loaded inside an iframe, it is critical that the initial OAuth redirect to Shopify occurs at the parent level, escaped from the iframe."
the "initial OAuth redirect" will break the iframe and redirect to our site for authentication.
it's somehow conflict with the requirement of app review team.
Therefore, is there any way that can make oauth redirect happen in shopify admin without breaking iframe?
Thanks in advance!
My app does it this way and was approved (though this was a few months back). I currently have an app in review that utilizes the same OAuth code so hopefully it passes too.
Also, when I built a rails app using their own Shopify CLI, the behavior after OAuth is the same. To confirm though, does your app then immediately force redirect back into the iFrame? If it stays outside the iframe, see: https://community.shopify.com/c/Shopify-Apps/Force-the-App-to-Embed-within-the-Shopify-Admin-UI-when...