Have your say in Community Polls: What was/is your greatest motivation to start your own business?

App Rejected For Not Following Immediate OAuth Requirement.. but we are?

App Rejected For Not Following Immediate OAuth Requirement.. but we are?

visitoredge
Shopify Partner
3 0 0

Hello everyone!

 

We tried submitting our app to the Shopify App Store. But got rejected with this error "Your app must immediately authenticate using OAuth before any other steps occur. Merchants should not be able to interact with the user interface (UI) before OAuth."

However, on our end we've ran some tests and everything is following the flow according to their requirements. We are unable to replicate the error on our end, after testing on multiple browsers with multiple users, even on incognito.

 

Our app flow is as follows (exactly as how Shopify asks for it):

  1. The merchant installs your app.
  2. Our app redirects the merchant to Shopify's OAuth authorization page.
  3. The merchant decides whether to grant the requested access to our app.
  4. Shopify redirects the merchant to our app along with an authorization code.
  5. Our app makes a request to Shopify to exchange the authorization code for an access token.

 

The reply we got from the store team shows us a screenshot with a DNS issue which is a "DNS_PROBE_FINISHED_NXDOMAIN" error. We even flushed our cache on Cloudflare, tested another few times and we can't replicate the error still. (URL in the screenshot also contains an HMAC in the slug, which is also working fine on our end.)

 

Any help would be greatly appreciated as the rejection emails from the Shopify store are all automated and don't accept responses.

 

Thanks in advance everyone! 

Replies 2 (2)

YOD_Solutions
Shopify Partner
256 28 36

Just curious, what happens in step 1 "The merchant installs the app" - when the customer clicks the install button? Does your app redirect them to the Shopify's OAuth authorization page on server side or does the redirect happens on a front-end (UI)? 

Founder @ JsRates: Custom Shipping Rates
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more about JsRates visit the JsRates home page or JsRates documentation
- Find JsRates on Shopify app store
visitoredge
Shopify Partner
3 0 0

Thanks for getting back! Appreciate.

Our OAuth flow is triggered in server-side but we're using "Shopify Managed installation" that does not need to redirect during installation to an external oAuth page.