Auth embedded app in Chrome's incognito mode

Hi,

I am developing my first Shopify app and I am struggling with this error.

I have no error in Chrome's normal mode. In incognito mode it redirects to “https://my_shop_name.myshopify.com/admin/auth/login”

These are the steps:

The first request comes to my app:

https://app.mysite.com/auth/shopify.php?embedded=1&hmac=a7ea1f57663a9…

I redirect to “https://my_shop_name.myshopify.com/admin/oauth/authorize?client_id=fd27a74fc***&scope=read_orders…”

For some reason Shopify did not redirect back to my app. Instead it redirects to “https://my_shop_name.myshopify.com/admin/auth/login”

I am using this PHP library: https://github.com/gnikyt/Basic-Shopify-API

Can you help me?


Hey,
Embedded apps use JWT authentication, which is stored in cookies in the browser, and you are trying to use it in incognito mode, which doesn't save cookies.

To use an embedded app in incognito mode, you would have to allow third-party cookies to be saved.

Thank you for your response.

I can allow cookies in my browser, but the Shopify App Review Team forces me to resolve this issue. How can I do that without allowing third-party cookies?

Did you manage to resolve it? Same issue here.

Yes, I solved it but I can't remember how. If you use PHP I can send you that part of the code. That's all I can do for you. Sorry.

Hi @Hyildirimkm

I am facing the same issue, and I am using PHP. Can you share the code with me, please?

This is the function that does the magic.

```php
public function get_and_redirect_auth_url($shop_url)
{
    // OAuth scopes requested from the merchant
    $scopes = [
        'read_orders', 'write_orders',
        'read_fulfillments', 'write_fulfillments',
        'read_assigned_fulfillment_orders', 'write_assigned_fulfillment_orders',
        'read_merchant_managed_fulfillment_orders', 'write_merchant_managed_fulfillment_orders',
        'read_third_party_fulfillment_orders', 'write_third_party_fulfillment_orders'
    ];

    // Callback URL that Shopify redirects to after authorization
    $local_url = 'https://' . SITE_URL . '/auth/shopify.php';

    // Build the Shopify authorization URL
    $redirect = $this->client->getAuthUrl($scopes, $local_url);

    // Allow this response to be framed only by the shop and the Shopify admin
    header("Content-Security-Policy: frame-ancestors https://$shop_url https://admin.shopify.com;");
    header("Access-Control-Allow-Origin: *");
    //header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, post, get');
    //header("Access-Control-Max-Age", "3600");
    //header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
    //header("Access-Control-Allow-Credentials: true");
    //header("Location: {$redirect}");

    // Only the text of the echoed markup is preserved here
    echo '

Redirecting, please wait...

Redirecting, please wait... ';

    die();
}
```
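
The function above places `$shop_url` directly into the `frame-ancestors` header, and the first request in the thread arrives with an `hmac` parameter. As an added example (not code from any poster or from the Basic-Shopify-API library), the following checks both before emitting the header, following Shopify's documented scheme of HMAC-SHA256 over the sorted query string without `hmac`. `APP_SECRET`, the `shop` and `timestamp` parameters and all sample values are constructed for illustration.

```php
<?php
// Added example; APP_SECRET and all request values below are constructed.
const APP_SECRET = 'constructed-demo-secret';

// Accept only hostnames of the form <store>.myshopify.com.
function is_valid_shop(string $shop): bool
{
    return preg_match('/\A[a-z0-9][a-z0-9\-]*\.myshopify\.com\z/i', $shop) === 1;
}

// Message that is signed: every parameter except hmac, sorted by key, joined as k=v&k=v.
function hmac_message(array $query): ?string
{
    unset($query['hmac']);
    ksort($query);
    $pairs = [];
    foreach ($query as $key => $value) {
        if (!is_string($value)) {
            return null; // array-valued parameters are rejected here
        }
        $pairs[] = $key . '=' . $value;
    }
    return implode('&', $pairs);
}

// Returns the CSP header value for a verified request, or null if it must be rejected.
function frame_ancestors_for(array $query, string $secret): ?string
{
    $shop = $query['shop'] ?? '';
    $given = $query['hmac'] ?? '';
    $message = hmac_message($query);
    if (!is_string($shop) || !is_string($given) || $message === null || !is_valid_shop($shop)) {
        return null;
    }
    // hash_equals compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $message, $secret), $given)) {
        return null;
    }
    return "frame-ancestors https://$shop https://admin.shopify.com;";
}

// Constructed request, signed here so the example runs offline.
$request = ['embedded' => '1', 'shop' => 'example-store.myshopify.com', 'timestamp' => '1700000000'];
$request['hmac'] = hash_hmac('sha256', hmac_message($request), APP_SECRET);

var_dump(frame_ancestors_for($request, APP_SECRET)); // request as signed
var_dump(frame_ancestors_for(['shop' => 'other-store.myshopify.com'] + $request, APP_SECRET)); // shop changed after signing
var_dump(frame_ancestors_for(['shop' => 'evil.example/x'] + $request, APP_SECRET)); // not a myshopify.com host
```

In a real handler the array passed in would be `$_GET`, and a `null` result would end the request before any header is sent.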