The authorization code was not found or was already used

ProfitCalc
Shopify Partner
5 0 1

Hi, I sometime gets this error "The authorization code was not found or was already used" but I'm not sure how a user would trigger it. 

 

It ends up crashing my entire app whenever the error occurs. I'm running Node.js and express. I'm using the code listed to setup a shopify app from the documentation

 

 

 

//see documentation for more info. Creates an install route.
const express = require('express');
const cookie = require('cookie');
const nonce = require('nonce')();
const querystring = require('querystring');
const request = require('request-promise');
const airbrake = require('../utils/airbrake');

const apiKey = process.env.SHOPIFY_API_KEY;
const apiSecret = process.env.SHOPIFY_API_SECRET;
const scopes = 'read_orders, read_all_orders, read_products, read_inventory';
const forwardingAddress = 'https://www.profitcalc.io';

//SHOPIFY INSTALL ROUTE
exports.installFunction = (req, res) => {
  const shop = req.query.shop;
  if (shop) {
    const state = nonce();
    const redirectUri = forwardingAddress + '/shopify/callback';
    const installUrl =
      'https://' +
      shop +
      '/admin/oauth/authorize?client_id=' +
      apiKey +
      '&scope=' +
      scopes +
      '&state=' +
      state +
      '&redirect_uri=' +
      redirectUri;

    res.cookie('state', state);
    res.redirect(installUrl);
  } else {
    return res
      .status(400)
      .send(
        'Missing shop parameter. Please add ?shop=your-development-shop.myshopify.com to your request'
      );
  }
};

exports.callbackFunc = (req, res) => {
  try {
    const { shop, hmac, code, state } = req.query;
    const stateCookie = cookie.parse(req.headers.cookie).state;

    if (state !== stateCookie) {
      return res.status(403).send('Request origin cannot be verified');
    }

    if (shop && hmac && code) {
      // DONE: Validate request is from Shopify
      const map = Object.assign({}, req.query);
      delete map['signature'];
      delete map['hmac'];
      const message = querystring.stringify(map);
      const providedHmac = Buffer.from(hmac, 'utf-8');
      const generatedHash = Buffer.from(
        crypto
          .createHmac('sha256', apiSecret)
          .update(message)
          .digest('hex'),
        'utf-8'
      );
      let hashEquals = false;

      try {
        hashEquals = crypto.timingSafeEqual(generatedHash, providedHmac);
      } catch (e) {
        hashEquals = false;
      }

      if (!hashEquals) {
        return res.status(400).send('HMAC validation failed');
      }

      // Exchange temporary code for a permanent access token
      const accessTokenRequestUrl =
        'https://' + shop + '/admin/oauth/access_token';
      const accessTokenPayload = {
        client_id: apiKey,
        client_secret: apiSecret,
        code
      };

      request
        .post(accessTokenRequestUrl, { json: accessTokenPayload })
        .then(accessTokenResponse => {
          const accessToken = accessTokenResponse.access_token;
        })
        .catch(error => {
          airbrake.notify(error);
          airbrake.notify(error.error.error_description);
        });
    } else {
      airbrake.notify(
        'there was an error in the billing route in the else statement'
      );
    }
  } catch (err) {
    console.log(err);
    airbrake.notify(err);
  }
};

 

  

0 Likes