verifyRequest (v4.1.5) causing authentication loop

eias
Shopify Partner

Has anyone faced the same issue as mine? Will not using verifyRequest still guarantee security best practice?

Currently using "@Shopify/koa-shopify-auth": "^4.1.5".

This is the boilerplate code I got when using shopify-cli:

router.get("(/_next/static/.*)", handleRequest); // Static content is clear
router.get("/_next/webpack-hmr", handleRequest); // Webpack content is clear
router.get("(.*)", async (ctx) => {
  const shop = ctx.query.shop;

  // This shop hasn't been seen yet, go through OAuth to create a session
  if (ACTIVE_SHOPIFY_SHOPS[shop] === undefined) {
    ctx.redirect(`/auth?shop=${shop}`);
  } else {
    await handleRequest(ctx);
  }
});

When I check the @Shopify/koa-shopify-auth documentation, I see that we should use the verifyRequest middleware.
Documentation link: https://github.com/Shopify/koa-shopify-auth#example-app

// Everything else must have sessions
router.get('(.*)', verifyRequest(), async (ctx) => {
  // Your application code goes here
});

But when I insert verifyRequest() in my code, the app keeps re-authenticating until I get this message in Shopify Admin:

router.get("(/_next/static/.*)", handleRequest); // Static content is clear
router.get("/_next/webpack-hmr", handleRequest); // Webpack content is clear
router.get("(.*)", verifyRequest(), async (ctx) => {
  const shop = ctx.query.shop;

  // This shop hasn't been seen yet, go through OAuth to create a session
  if (ACTIVE_SHOPIFY_SHOPS[shop] === undefined) {
    ctx.redirect(`/auth?shop=${shop}`);
  } else {
    await handleRequest(ctx);
  }
});

[Image: error message from Shopify]