Problem with oauth/authorize parameters

John_Dev
Tourist
3 0 2

Hello, I'm currently developing an embedded app. To facilitate testing before publishing I've made a page that requests authorization on the unpublished app so it can be installed and tested on other people's stores.

When creating the `oauth/authorize` request I make sure to pass the client_id, redirect_uri, scope and state parameters. Everything works fine if the user has logged in their store admin before making the installation request and my redirect_uri is properly receiving all of the parameters that it should: code, hmac, shop, state and timestamp.

If the user has not logged into their store admin before hand though this is what happens:

They are first redirected to the Shopify login page and after logging in they are shown the confirmation dialog from Shopify, everything so far is as expected. But when they are redirected to the redirect_uri after confirming the request I don't receive the state parameter back. I then have only these paramters passed to me from Shopify: code, hmac, shop and timestamp. After that, of course, my validation fails, because it couldn't verify the request.

I can see when I'm on the confirmation page (`admin/oauth/request_grant`) that the state param is in the GET parameters, like this:
https://[redacted].myshopify.com/admin/oauth/request_grant?client_id=[redacted_client_id]&redirect_u...

The redacted state here is the correct one that I've originally sent.

Am I missing something obvious here or is this a potential bug?

Alex
Shopify Staff
Shopify Staff
1555 81 294

Hey John,

Thanks for the report. This appears to be a bug that I can reliably replicate, so I'll pass this along to our development team. I'll post any updates here (including if that just means we're both somehow missing something).

Cheers.

0 Likes
Ajay_Kumar
Shopify Partner
10 0 5

Hi @Alex,

Any update on this issue? I'm also facing this issue and cannot find any alternate way around this.

0 Likes
Alex
Shopify Staff
Shopify Staff
1555 81 294

Hey Ajay,

No updates as of right now. I'm keeping an eye on the matter and will pass along relevant findings as they pop up.

Cheers.

0 Likes
Alex
Shopify Staff
Shopify Staff
1555 81 294

Hey everyone,

We've pushed a fix for this issue and you should no longer be affected. Let me know if you see anything to the contrary.

Cheers.

0 Likes
deepaknaikhnvrm
Tourist
3 0 0

I facing the same issue I am passing a state but the half of the state is coming, for example if I pass state url 
https://myapplication/#/landing?integration_key=thirdparty, but the state once it return to my app it will be only https://myapplication.
Even I have checked quoting the state url also not help

0 Likes