Have your say in Community Polls: What was/is your greatest motivation to start your own business?

Why is my node HMAC verification failing in OAuth flow?

Solved

Why is my node HMAC verification failing in OAuth flow?

dafbuenoca
Visitor
2 0 0

Hi, I'm trying to verify the hmac value in  my oauth flow, I'm based in this section https://shopify.dev/apps/auth/oauth/getting-started#step-7-verify-a-request, but, when I try to match the  value generated with hmac, the values aren't the same result

function verifyRequest(req, res, next) {

    const {code, shop, timestamp} = req.query

    const message = `code=${code}&shop=${shop}&timestamp=${timestamp}`
    const generated_hash = crypto.createHmac('SHA256', apiSecret).update(message).digest('hex')
    if (generated_hash === req.query.hmac) {
        next()
    } else {
        const error = new Error(`The request verification is not successful`)
        error.status = 400
        error.type = 'expected'
        throw error
    }
}
Accepted Solution (1)

Leith
Shopify Partner
12 1 3

This is an accepted solution.

Hello Dafbuenoca,

 

I suggest you follow this official Shopify tutorial for the OAuth process:- 
https://www.youtube.com/watch?v=D3iO4mZHgLk

 

Thank you

Leith

View solution in original post

Replies 4 (4)

ReturnPrime
Shopify Partner
486 67 111

Hello,

Can you explain a little more? where is the apiSecret coming from?

Regards,
Mritunjay
ReturnPrime

dafbuenoca
Visitor
2 0 0

Hi, I have got the apiSecret and apiKey values from shopify admin dashboard, when I  generated a public app as picture show, then I saved that variables in .env file

dafbuenoca_0-1653662105087.png

 

Leith
Shopify Partner
12 1 3

This is an accepted solution.

Hello Dafbuenoca,

 

I suggest you follow this official Shopify tutorial for the OAuth process:- 
https://www.youtube.com/watch?v=D3iO4mZHgLk

 

Thank you

Leith

gck
Shopify Partner
1 0 0

Hey. I'm facing the same issue, I have tried everything and can't validate the hmac. Did you solved the problem?