App install doesn't link to correct OAuth url

Shopify Partner
39 3 28


My app was recently submitted and I've been getting reports that if users click on 'Install app' on the listing page, they're redirected to an URL on their store resulting in a 404 page, while they should be redirected to the OAuth URL.

If they try to install it a second time, it works just fine.

I have no clue why this is happening, so hopefully somebody here knows the answer.

First bit of information: my app is build using NextJS.

So when the user pushes the install button, the first URL they go to is:

This will reach my index.tsx file.



export default function Home() {
  // page context params
  useEffect( () => {
    if ( typeof window !== "undefined" && window.location ) {
      const query = qs.parse(;
        .post("/api/auth", {
          query: query,
        .then( ( response: any ) => {
          if ( ) {
            if (window.parent) {
              window.parent.location.href =;
            } else {
              window.location.href =;
        .catch( function (error) {
          // handle error
        } );
  }, [] );



For authentication I use a package called Shopify NextJS Toolbox.

Therefore, my api/auth.tsx file is very bare-bones and looks like this:



import { handleAuthStart } from 'shopify-nextjs-toolbox';

export default handleAuthStart;



The code for handleAuthStart can be found here.

I'm pretty sure the issue is due to the fact that the api/auth endpoint isn't resolving correctly. I can see that it keeps PENDING in the DevTools. But I'm not sure how to fix that.

The code in index.tsx doesn't reach the .then() part but still, the user is for some reason redirected to:

This URL is the URL they should eventually end up at after walking through the OAuth (granting my app access) with the difference that there should be "admin/" between "" and "/apps". (

And like I said above. If the user would try this a second time shortly after, the OAuth flow works correctly, the api/auth endpoint resolves and the app can be installed.

I've tried several things to resolve this myself.

First thing I noticed was that the query object in the index.tsx file wasn't entirely correct.
The qs.parse() method kept the question mark from the hmac param. So instead of { hmac: hmac-string, shop:, timestamp: 1634798897 } it returned { ?hmac: hmac-string, ... }. This briefly seemed to resolve the error yesterday, but the issue returned today so the fact it seemed to work again was just a weird fluke.

I've tried adding my own handleAuthStart file instead of using the external one from the package. In a local dev environment, I can then see that it goes through the whole function, even to the part where it returns the response with a status of 200 and the authUrl as a redirectUrl, but still it doesn't resolve correctly.


My own best guess is that for some reason it fails on one of the first lines in the handleAuthStart file but I have no idea how to debug that.

Really hoping somebody can give me a pointer.

For anybody wanting to try it out and see the issue for themselves. Here's my app listing page:

Replies 0 (0)