"Request origin could not be verified" on install

Shopify Partner
12 1 9

Hi,

 

Out of nowhere I am getting an issue with installing my development app.

This was working just fine for months, and then all of a sudden I started getting back a 403 with the following error:

Request origin could not be verified

 I am using the following libraries (among others):

 "@shopify/app-bridge-react": "^1.20.2",
    "@shopify/koa-shopify-auth": "^3.1.63",
    "@shopify/polaris": "^4.17.0",
    "@types/fetch-mock": "^7.3.2",
    "@zeit/next-css": "^1.0.1",
    "next": "^9.3.4",
    "next-routes": "^1.4.2",
    "install": "^0.13.0",
    "isomorphic-fetch": "^2.2.1",
    "js-cookie": "^2.2.1",
    "koa": "^2.11.0",
    "koa-router": "^8.0.8",
    "koa-session": "^5.13.1",
    "koa-static": "^5.0.0",

This is my server.js file

require("dotenv").config();
require('isomorphic-fetch');
const dotenv = require('dotenv');
const Koa = require('koa');
const Router = require('koa-router');
const next = require('next');
const { default: createShopifyAuth } = require('@shopify/koa-shopify-auth');
const { verifyRequest } = require('@shopify/koa-shopify-auth');
const session = require('koa-session');
const Logger = require('logdna');

dotenv.config();

const port = parseInt(process.env.PORT, 10) || 80;
const dev = process.env.NODE_ENV !== 'production';
const app = next({ dev });
const handle = app.getRequestHandler();

const { SHOPIFY_API_SECRET_KEY, SHOPIFY_API_KEY, BACKEND_HOST, BACKEND_PORT } = process.env;
const isCookieSecure = !dev;

const router = new Router();
router.get('/_health', (ctx) => {
    ctx.body = 'ok for shopify';
});

app.prepare().then(() => {
    const server = new Koa();
    server.use(router.routes());
    server.keys = [SHOPIFY_API_SECRET_KEY];
    console.log('preparing')
    server.use(session({httpOnly: false, secure: isCookieSecure, sameSite: 'none'}, server));
    server.use(
        createShopifyAuth({
            apiKey: SHOPIFY_API_KEY,
            secret: SHOPIFY_API_SECRET_KEY,
            scopes: ['read_products',
                'write_script_tags',
                'write_orders',
                'read_draft_orders',
                'write_draft_orders',
                'write_checkouts',
                'read_product_listings'
            ],
            // set access mode, default is 'online'
            accessMode: 'offline',
            afterAuth(ctx) {
                const { shop, accessToken } = ctx.session;
                console.log('in here ', shop, accessToken, ctx.session)
                fetch(`${BACKEND_HOST}:${BACKEND_PORT}/auth/shopify/install?shop=${shop}&code=${accessToken}`)
                    .then( response => {
                        merchantLogger.info(`${shop} successfully installed`, { meta: { response }});
                    })
                    .catch(error => {
                        merchantLogger.error(`${shop} failed to install`, { meta: { error }});
                    });
                ctx.cookies.set('shopOrigin', shop, { httpOnly: false, sameSite: 'none', secure: isCookieSecure });
                ctx.redirect('/');
            },
        }),
    );

    server.use(verifyRequest());
    server.use(async (ctx) => {
        console.log('in here ', ctx.req.body, ctx.req.headers);
        await handle(ctx.req, ctx.res);
        ctx.respond = false;
        ctx.res.statusCode = 200;
    });

    server.listen(port, () => {
        console.log(`> Ready on http://localhost:${port}`);
    });
});

I have no idea why out of nowhere this just started happening. Any help would be appreciated.

1 Like
Highlighted
Shopify Partner
12 1 9

I noticed that that the shopifyNonce cookie is no longer being set which is what is causing the issue above. 

This is the code that returns the error: https://github.com/Shopify/quilt/blob/5ba6cd69793a071950467c5f09c4dee9e93d15d0/packages/koa-shopify-...

 

However, why this cookie is no longer being set is anyones guess

Screen Shot 2020-06-06 at 6.55.26 PM.png

1 Like
Highlighted
Shopify Staff
Shopify Staff
1041 140 167

Interesting. Did you make any progress?

Please create an issue here: https://github.com/Shopify/quilt/issues

Notice; Out of office, replies will be delayed until my return. Thanks!
0 Likes
Highlighted
Shopify Partner
12 1 9

so i found a workaround.

Before I used to install the app by going to https://xxxx.ngrok.io/auth?shop=myshop.myshopify.com

This just randomly stopped working. So what I did was I went to the app setup and went thru the: "install  on a test store" flow through the app setup page.

This seems to work.

There is already an open issue here regarding to this:

https://github.com/Shopify/quilt/issues/1248

0 Likes