What's your biggest current challenge? Have your say in Community Polls along the right column.

Re: Node hmac verification fail

Solved

Why is my node HMAC verification failing in OAuth flow?

dafbuenoca
Visitor
2 0 0

Hi, I'm trying to verify the hmac value in  my oauth flow, I'm based in this section https://shopify.dev/apps/auth/oauth/getting-started#step-7-verify-a-request, but, when I try to match the  value generated with hmac, the values aren't the same result

function verifyRequest(req, res, next) {

    const {code, shop, timestamp} = req.query

    const message = `code=${code}&shop=${shop}&timestamp=${timestamp}`
    const generated_hash = crypto.createHmac('SHA256', apiSecret).update(message).digest('hex')
    if (generated_hash === req.query.hmac) {
        next()
    } else {
        const error = new Error(`The request verification is not successful`)
        error.status = 400
        error.type = 'expected'
        throw error
    }
}
Accepted Solution (1)

Leith
Shopify Partner
12 1 3

This is an accepted solution.

Hello Dafbuenoca,

 

I suggest you follow this official Shopify tutorial for the OAuth process:- 
https://www.youtube.com/watch?v=D3iO4mZHgLk

 

Thank you

Leith

View solution in original post

Replies 4 (4)

ReturnPrime
Shopify Partner
486 67 111

Hello,

Can you explain a little more? where is the apiSecret coming from?

Regards,
Mritunjay
ReturnPrime

dafbuenoca
Visitor
2 0 0

Hi, I have got the apiSecret and apiKey values from shopify admin dashboard, when I  generated a public app as picture show, then I saved that variables in .env file

dafbuenoca_0-1653662105087.png

 

Leith
Shopify Partner
12 1 3

This is an accepted solution.

Hello Dafbuenoca,

 

I suggest you follow this official Shopify tutorial for the OAuth process:- 
https://www.youtube.com/watch?v=D3iO4mZHgLk

 

Thank you

Leith

gck
Shopify Partner
1 0 0

Hey. I'm facing the same issue, I have tried everything and can't validate the hmac. Did you solved the problem?