We developed an app which is working just fine (install, working in the store, delete ...) but we got this message from the Shopify team, who then forwarded us to this forum:
"...your app hasn't implemented authentication through OAuth correctly and can't be reinstalled..."
We are not really sure what is meant by reinstall. From the store backend view, deleting the app and reinstalling works just fine, and the token is used as described in the documentation. We can only imagine they tried to reinstall the app from the partner account backend view while the app was already installed. If so, then we would have a question: how would we distinguish those two calls, so that we remove and reinstall the app in one case and do NOT remove it when the usual call from an already installed app is made:
1) Call made from the store backend to render the app: ?hmac=xxx&host=xxx&locale=de-DE&new_design_language=true&session=xxx&shop=xxx&timestamp=1626168407
2) Call made from the partner account backend to reinstall the app: ?hmac=xxx&shop=xxx&timestamp=1626114105
Should we focus on the session & host parameter to distinguish for when we need to delete & new install the app? When those two parameters are not passed, we would always reinstall the app?
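
The two query shapes listed above, checked in an added example that is not part of the original post: the hmac is verified before session and host are looked at, so parameters appended to a signed URL cannot change the decision. Assumptions: the signature is HMAC-SHA256 (hex) over the remaining parameters sorted and joined with "&", keyed with the app's secret; the secret, sample values, function names and labels are constructed; whether session/host presence is the right signal is the post's open question.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl

# Constructed sample secret; a real app uses its own API secret key.
API_SECRET = "constructed-secret-for-example"


def sign(params, secret=API_SECRET):
    """HMAC-SHA256 (hex) over sorted key=value pairs, excluding 'hmac' itself."""
    message = "&".join(f"{k}={v}" for k, v in sorted(params.items()) if k != "hmac")
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()


def classify_request(query_string, secret=API_SECRET):
    """Return 'rejected', 'store-backend-render' or 'partner-reinstall'."""
    params = dict(parse_qsl(query_string.lstrip("?"), keep_blank_values=True))
    supplied = params.get("hmac", "")
    expected = sign(params, secret)
    # Nothing in the query is trusted until the signature matches.
    if not supplied or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "rejected"
    # Heuristic proposed in the post: shape 1 carries session and host, shape 2 does not.
    if "session" in params and "host" in params:
        return "store-backend-render"
    return "partner-reinstall"


def build_query(params, secret=API_SECRET):
    """Helper for the constructed samples: append a valid hmac to the parameters."""
    signed = dict(params, hmac=sign(params, secret))
    return "?" + "&".join(f"{k}={v}" for k, v in signed.items())


# Constructed samples mirroring the two query shapes listed in the post.
SHAPE_1 = build_query({"host": "ZXhhbXBsZQ", "locale": "de-DE",
                       "new_design_language": "true", "session": "abc123",
                       "shop": "example.myshopify.com", "timestamp": "1626168407"})
SHAPE_2 = build_query({"shop": "example.myshopify.com", "timestamp": "1626114105"})
# Shape 2 with session/host appended after signing: the hmac no longer matches.
TAMPERED = SHAPE_2 + "&session=abc123&host=ZXhhbXBsZQ"

if __name__ == "__main__":
    for name, query in [("shape 1", SHAPE_1), ("shape 2", SHAPE_2), ("tampered", TAMPERED)]:
        print(name, "->", classify_request(query))
```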