Our app's submission got rejected many time, the changes we required to do stated as "Use OAuth to ask for scope permissions immediately after merchants add your app.".
I am not sure what is that mean, seem like my app already ask for OAuth as in the video.
Any help is appreciated.
Shopify will always append a 'shop' parameter to each url request coming from Shopify, so you can use query string parameters and grab it. And then in terms of checking against your db, the logic I have is:
Many make the mistake of only checking if they already have an access token in the db for that shop, but the correct move is to actually make a request to ensure validity.