Focuses on API authentication, access scopes, and permission management.
This morning I discovered our OAuth flow for installing apps is broken. The issue appears to be on Shopify's end. Shopify asks me to log in after initiating the request, and from the log in page I am redirected to:
https://consignify.myshopify.com/admin/auth/login?login=<MY_EMAIL>&st_source=merchant_space_stores&redirect=oauth%2Fauthorize%3Fstate%3D14a33e32d3386d6f45c1c30c02abbc37160b3293ba5ba61f5be5e52c8dc57aea%26client_id%3D7cd48fe87ec3c9288ed05bcb6139c257%26redirect_uri%3D<OUR_DOMAIN>2F%26scope%3Dread_locations%252Cread_products%252Cwrite_products%252Cread_orders%252Cwrite_orders%252Cread_inventory%252Cwrite_inventory%252Cread_customers%252Cwrite_customers&from_identity=true
This endpoint returns the header `Location: https://admin.shopify.com/store/<MY_STORE>` rather than the app installation page. This is happening consistently regardless of which test store we use, although it might be limited to test stores, since our customers seem to be able to link their stores ok.
This issue has been happening off and on for months now. Sometimes we get the above behavior, and sometimes the redirect sends us to an install page for a completely different app! Our code has not changed, so unless there was a recent update, this issue is on Shopify's end.
Shopify staff: can you help us resolve this? We can't do any development in the meantime because we can't link our app to a development store, and I'm afraid this is affecting real customers as well.
I am facing an issue since 7 AM UTC today where some (random?) newly installed stores will always receive invalid API tokens. The install goes through fine, the app is registered in customers Admin, but when app tries to use credentials we just get "[API] Invalid API key or access token (unrecognized login or wrong password)" Request ID: 935ea3ec-74ff-46b5-8b18-2c0355c4b003
Come on Shopify, please fix this, our customer support is overflowing.