State parameter not being sent back after successful oauth install, can't validate nonce.

msdev1
Tourist
4 0 1

Hi,

When one of our Merchants goes through the oauth flow for installing our app, I can see that the install works (from our Shopify partner dashboard), but when we receive the oauth callback, the `state` parameter is missing, and I therefore cannot validate the nonce. It's probably the same issue outlined in this forum topic but it appears no one from Shopify is looking at it: https://community.shopify.com/c/Shopify-APIs-SDKs/Bug-State-nonce-lost-when-redirected-back-to-app-d...

 

For full context, the only parameters I receive back in the redirect are: `code`, `hmac`, `shop`, and `timestamp`. The `state` parameter is missing entirely.

 

This is only occurring for one our new merchants, other merchants can install via oauth without any issue, which suggests it's not an implementation error. What's the best way to go about this?

 

Thanks in advance

 

0 Likes
SBD_
Shopify Staff
Shopify Staff
1089 147 199

Hey @msdev1 

Can you please DM me the installation URL + merchant store details?

0 Likes
msdev1
Tourist
4 0 1

Hi @SBD_, thanks but the issue resolved itself a week later when Shopify's payload started including the state param again. Let me know if you still need details