Questions and discussions about using the Shopify CLI and Shopify-built libraries.
Hello,
We're trying to submit an app to the Shopify store that works with our online accounting website. The idea is simple: we have clients who have Shopify stores and would like to use our website to generate invoices for their Shopify orders.
They can install the Shopify app straight from our website which follows the OAuth procedure. However, that cannot happen until our app is listed publicly in the store and in order to do that we have to follow the 'install procedure' required by the shopify app submission process. This goes through installing the app via a test Shopify store on the shopify website itself. So in order to install the app we need to associate a user from our service with a shopify store owner. Hence, we redirect to our website, where after authentication, the user can connect their shopify store to our service account. However, our app keeps getting rejected because we're supposed to redirect the user immediate to the OAuth process:
"There was an error installing your app. The app must be installed to perform the security check. We expected OAuth to be initiated at https://app-security.myshopify.com/admin/oauth/authorize but were redirected to https://nula.bg/login. Your app must request installation immediately after clicking "add app." Apps must request shop access during installation, or reinstallation if the app was previously uninstalled from the shop."
Can anyone help out? I think our use case is pretty standard, how can we achieve our goals and get through the approval process?
Thanks!
Hey there,
If I've understood correctly your desired flow when installing the app is in this order
1. Connect the store with a user record you have
2. Go through OAuth the install the app.
It sounds like you need to switch the order these two things, e.g:
1. Go through OAuth the install the app.
2. Connect the store with a user record you have
Technically this would look something like:
1. Check if you have an offline token for this store
2. Redirect to OAuth if not
3. Check if you have a user record from your database associated wit the store.
4. Redirect to a page where they can connect the store with your user record if not.
Does that sound possible?
I think the order matters here because a merchant has to give permission to share data before they actually share data. If a user first connects their store with your user record, then they have not yet given permission to share any data.
Richard
To learn more visit the Shopify Help Center or the Community Blog.
Thanks for the feedback. We'll give this a try and we'll write back the result.
curious to know the results 🙂