State parameter not being sent back after successful oauth install, can't validate nonce.

msdev1
New Member
1 0 0

Hi,

When one of our Merchants goes through the oauth flow for installing our app, I can see that the install works (from our Shopify partner dashboard), but when we receive the oauth callback, the `state` parameter is missing, and I therefore cannot validate the nonce. It's probably the same issue outlined in this forum topic but it appears no one from Shopify is looking at it: https://community.shopify.com/c/Shopify-APIs-SDKs/Bug-State-nonce-lost-when-redirected-back-to-app-d...

 

For full context, the only parameters I receive back in the redirect are: `code`, `hmac`, `shop`, and `timestamp`. The `state` parameter is missing entirely.

 

This is only occurring for one our new merchants, other merchants can install via oauth without any issue, which suggests it's not an implementation error. What's the best way to go about this?

 

Thanks in advance

 

0 Likes