Conversations about creating, managing, and using metafields to store and retrieve custom data for apps and themes.
Our app's submission got rejected many time, the changes we required to do stated as "Use OAuth to ask for scope permissions immediately after merchants add your app.".
I am not sure what is that mean, seem like my app already ask for OAuth as in the video.
Any help is appreciated.
Thanks
Solved! Go to the solution
This is an accepted solution.
Shopify will always append a 'shop' parameter to each url request coming from Shopify, so you can use query string parameters and grab it. And then in terms of checking against your db, the logic I have is:
Many make the mistake of only checking if they already have an access token in the db for that shop, but the correct move is to actually make a request to ensure validity.
This is a common problem - for the purposes of passing app submission, your app must trigger OAuth automatically (without any manual entry of the shop name) as if a merchant were clicking on "Add App" in the Shopify app store. The way to test that it's working is to install on your development store within your Partner dashboard using the "test on my development store" and then "install" link - this simulates the "Add App" button in the App Store. I would do this with multiple development stores to make sure it's dynamically changing for each store.
After you get your app approved, it's fine to do it the way you are doing it.
Thanks for your response. I have tried but why it redirect to my app with the hmac value? How to make it redirect to oauth? Is there any setting I need to update?
This must be determined by your own app's logic when it receives a request. For example, when my app receives a request I check the shop origin against my database to confirm if I have a valid access token; if I do not, then I will redirect them to the OAuth permission URL.
A bit confuse, how to match the shop with our user in db if the Shopify shop's data not there yet?
For example if the user want to connect with clearwater-dev shop in Shopify, but in our db don't have that data yet, how to know which user will match with clearwater-dev shop?
This is an accepted solution.
Shopify will always append a 'shop' parameter to each url request coming from Shopify, so you can use query string parameters and grab it. And then in terms of checking against your db, the logic I have is:
Many make the mistake of only checking if they already have an access token in the db for that shop, but the correct move is to actually make a request to ensure validity.
How do you check the data if the user not login in your application yet? In case for our app, we need the user to login first so we can get data and do the checking.
Thanks @Filljoy the OAuth got passed after I resubmit it, but still got rejected with different changes required. I will need to check the changes required one by one.
Hi @Filljoy , is the unlisted Shopify app required to use Billing API? My web app have Premium subscription using other merchant for the payment.