Node.js - Confirm Installation HMAC Verification always fails

Highlighted
Shopify Partner
28 0 0

I'm trying to create my first Shopify App using Node.js and right now I can't even go through auhorisation.

I'm following the instructions on this page : https://docs.shopify.com/api/authentication/oauth#get-the-client-redentials and it's working  fine when it comes to verifying the very first request I get from Shopify (when the user clicks on the "Get this app" button).

However, authentication fails for the 2nd request I get from Shopify  (when the user clicks on the Installation prompt from withiin their Shop Dashboard) :

What am I doing wrong ?

 

app.get('/', function(req, res)
{
    var hmac = req.query.hmac;
    var shop = req.query.shop;
    var ts = req.query.timestamp;

    var hmacByCrypto = crypto.createHmac("sha256", secret).update('shop=' + shop + '&timestamp=' + ts).digest("hex");
  
    // THIS IS WORKING FINE
    if (hmac === hmacByCrypto)
    {
       res.redirect('https://' + shop + '/admin/oauth/authorize?client_id=' + apiKey + '&scope=' + scope + '&redirect_uri=' + redirectUrl + '&state=' + nonce);
    }

});

app.get('/authorized', function(req, res)
{
    var hmac = req.query.hmac;
    var shop = req.query.shop;
    var ts = req.query.timestamp;

    var hmacByCrypto = crypto.createHmac("sha256", secret).update('shop=' + shop + '&timestamp=' + ts).digest("hex");
    
    // THIS HAS NEVER WORKED - hmac & hmacByCrypto are never the same
    if (hmac === hmacByCrypto)
    {
       // get auth token and finalize installation
    }
});

 

Thank you in advance for any help!

0 Likes
Highlighted
Tourist
3 1 0

You should add code query to update method.

In this way:

 

.update('code=' + code + '&shop=' + shop + '&timestamp=' + timestamp)
0 Likes