Nonce lost in OAuth flow

Highlighted
Tourist
7 0 1

When authenticating our app, the nonce (state) is lost during redirect back to the main app url.

 

This seems to be a recurrent error for the past several years. I've isolated the problem to being during the redirect from shopify back to us when authenticating.

 

What should I do?

1 Like
Highlighted
Tourist
7 0 1

To add details, the above is happening only when adding new app permissions, not when authenticating completely new users.

 

Other than that I fail to see the difference between the current bug and the one that has been happening and mentioned in threads over the past several years.

 

Also, the auth has been attempted both at the authroize and request_grant endpoints, and both return the exact same thing, lacking a nonce.

 

Since you've replied on previus questions about this problem @Alex 

0 Likes
Highlighted
Shopify Staff
Shopify Staff
1040 139 163

Hey @Saelben,

 

I'm unable to replicate this on a demo app - the state persists when updating scopes.

 

Can you please provide app details / demo shop / replication steps via DM?

0 Likes
Highlighted
Tourist
7 0 1

Sent

0 Likes