auth embedded app in chrome's incognito mode

Hyildirimkm
Shopify Partner
6 0 1

Hi,

I am developing my first Shopify app and I am struggling with this error.

 

I have no error in Chrome's normal mode. In incognito mode it redirects to "https://my_shop_name.myshopify.com/admin/auth/login"

 

These are the steps:

The first request comes to my app:

"https://app.mysite.com/auth/shopify.php?embedded=1&hmac=a7ea1f57663a9..."

auth-shopify-1.png

 

I redirect to "https://my_shop_name.myshopify.com/admin/oauth/authorize?client_id=fd27a74fc***&scope=read_orders..."

authorize-2.png

 

For some reason Shopify did not redirect back to my app. Instead it redirects to "https://my_shop_name.myshopify.com/admin/auth/login"

auth-login-3.png

 

I am using this PHP library: https://github.com/gnikyt/Basic-Shopify-API

Can you help me?

 


Shine18pk
Shopify Partner
30 7 13

Hey,
Embedded apps use JWT authentication, which is stored in cookies in the browser, and you are trying to use it in incognito mode, which doesn't save cookies.

To use an embedded app in incognito mode, you would have to allow saving third-party cookies.

Hyildirimkm
Shopify Partner
6 0 1

Thank you for your response. 

I can allow cookies in my browser, but the Shopify App Review Team forces me to resolve this issue. How can I do that without allowing third-party cookies?

miguel1vega
Shopify Partner
8 0 2

Did you manage to resolve it? Same issue here

Building Shopify Blockchain Apps
Hyildirimkm
Shopify Partner
6 0 1

Yes, I solved it but I can't remember how. If you use PHP I can send you that part of the code. That's all I can do for you. Sorry.

srinivasan12_in
Shopify Partner
2 0 0

Hi @Hyildirimkm 

 

I am facing the same issue, and I am using PHP. Can you share the code with me, please?

Hyildirimkm
Shopify Partner
6 0 1

This is the function that does the magic.

 

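public function get_and_redirect_auth_url($shop_url)
{
    // $shop_url is written into a response header below, so accept only a Shopify shop hostname.
    if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9\-]*\.myshopify\.com$/', $shop_url)) {
        http_response_code(400);
        die('Invalid shop');
    }

    $scopes = [
        'read_orders', 'write_orders',
        'read_fulfillments', 'write_fulfillments',
        'read_assigned_fulfillment_orders', 'write_assigned_fulfillment_orders',
        'read_merchant_managed_fulfillment_orders', 'write_merchant_managed_fulfillment_orders',
        'read_third_party_fulfillment_orders', 'write_third_party_fulfillment_orders'
    ];

    // OAuth callback URL on this app.
    $local_url = 'https://'.SITE_URL.'/auth/shopify.php';

    // Shopify permission (OAuth authorize) URL built by the Basic-Shopify-API client.
    $redirect = $this->client->getAuthUrl($scopes, $local_url);

    // Encode every value as a JavaScript literal so a quote or "</script>" in it
    // cannot break out of the inline script below.
    $js_flags = JSON_UNESCAPED_SLASHES | JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $local_url_js = json_encode($local_url, $js_flags);
    $redirect_js = json_encode($redirect, $js_flags);
    $api_key_js = json_encode(self::$api_key, $js_flags);

    // Allow only this shop and the Shopify admin to frame the page.
    header("Content-Security-Policy: frame-ancestors https://$shop_url https://admin.shopify.com;");
    header("Access-Control-Allow-Origin: *");
    //header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, post, get');
    //header("Access-Control-Max-Age", "3600");
    //header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
    //header("Access-Control-Allow-Credentials: true");
    // A plain Location redirect would load the authorize page inside the iframe;
    // the script below redirects the top-level window instead.
    //header("Location: {$redirect}");

    echo '
  <!DOCTYPE html>
  <html>
    <head>
      <title>Redirecting, please wait...</title>
      <script src="https://unpkg.com/@shopify/app-bridge@2"></script>
      <script>
        document.addEventListener("DOMContentLoaded", function () {
          var redirectUri = '.$local_url_js.';
          var permissionURL = '.$redirect_js.';

          if (window.top == window.self) {
            // Not embedded: navigate this window directly.
            window.location.assign(permissionURL);
          } else {
            // Embedded in the admin iframe: ask App Bridge to redirect the parent window.
            var AppBridge = window["app-bridge"];
            var createApp = AppBridge.default;
            var Redirect = AppBridge.actions.Redirect;

            const app = createApp({
              apiKey: '.$api_key_js.',
              forceRedirect: true,
              host: new URLSearchParams(location.search).get("host")
            });
            Redirect.create(app).dispatch(Redirect.Action.REMOTE, permissionURL);
          }
        });
      </script>
    </head>
    <body>
        Redirecting, please wait...
    </body>
  </html>
  ';

    die();
}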
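
Added example (not part of the thread and not code from Basic-Shopify-API): the first request in this thread arrives with an `hmac=` parameter, and the function above acts on a shop name taken from that request, so the signature should be checked before the shop value is used. The function name, secret and sample parameters are constructed, and the message format is an assumption: every parameter except `hmac` as sorted `key=value` pairs joined with `&`, signed with HMAC-SHA256 keyed by the app's API secret.

```php
<?php
// Added example. Assumed message format: all query parameters except "hmac",
// as "key=value" pairs sorted lexicographically and joined with "&",
// signed with HMAC-SHA256 (hex) keyed by the app's API secret.

function shopify_query_is_authentic(array $query, string $api_secret): bool
{
    // Reject requests with no usable signature instead of comparing against "".
    if (!isset($query['hmac']) || !is_string($query['hmac'])) {
        return false;
    }
    $received = strtolower($query['hmac']);
    unset($query['hmac']);

    $pairs = [];
    foreach ($query as $key => $value) {
        // PHP parses "ids[]=1&ids[]=2" into an array; join such values with commas.
        $pairs[] = $key . '=' . (is_array($value) ? implode(',', $value) : $value);
    }
    sort($pairs, SORT_STRING);

    $expected = hash_hmac('sha256', implode('&', $pairs), $api_secret);

    // hash_equals() compares in constant time, so the check leaks no timing signal.
    return hash_equals($expected, $received);
}

// Constructed sample data: the secret and all parameter values are placeholders.
$secret = 'constructed-example-secret';
$params = [
    'embedded'  => '1',
    'host'      => 'Y29uc3RydWN0ZWQtaG9zdA',
    'shop'      => 'example-shop.myshopify.com',
    'timestamp' => '1700000000',
];
$params['hmac'] = hash_hmac(
    'sha256',
    'embedded=1&host=Y29uc3RydWN0ZWQtaG9zdA&shop=example-shop.myshopify.com&timestamp=1700000000',
    $secret
);

var_dump(shopify_query_is_authentic($params, $secret));   // request as signed

$tampered = $params;
$tampered['shop'] = 'other-shop.myshopify.com';           // parameter changed after signing
var_dump(shopify_query_is_authentic($tampered, $secret));
```

In `auth/shopify.php` the check would run on `$_GET` before `get_and_redirect_auth_url()` is called, so the shop name in the `frame-ancestors` header always comes from a request Shopify signed.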