Cannot complete OAuth process. Could not find an OAuth cookie for shop url

We are starting to now integrate with Shopify using Node/Express, and i’m having issues with the cookie not being there after authentication to verify it.

Context:

Shopify.Context.initialize({
API_KEY: ‘xxxxxxxxxx’,
API_SECRET_KEY: ‘xxxxxxxxxxx’,
SCOPES: [‘write_products’],
HOST_NAME: ‘xxxxxx.ngrok.io’,
IS_EMBEDDED_APP: true,
API_VERSION: ApiVersion.October21,
});

redirect url works and auth is completed:

const shopifyUrl = await Shopify.Auth.beginAuth(req, res, ‘xxxxxxx.myshopify.com’, ‘/api/integration/shopify/auth’, true);

console.log(‘hit getShopifyAuthUrl’, req.cookies);
This console.log shows the following:

hit getShopifyAuthUrl {

shopify_app_session: ‘xxxxxxxxxxx’,

‘shopify_app_session.sig’: ‘xxxxxxxxxxx’,

}

Then in the validate part,

console.log(‘hit validateShopifyToken’, req.cookies);

const session = await Shopify.Auth.validateAuthCallback(req, res, req.query);

This log is an empty object which i think is my issue.

hit validateShopifyToken [Object: null prototype] {}

I have followed the video on: https://shopify.dev/apps/auth/oauth/getting-started and i’m out of ideas on what the issue is.

I have moved the Shopify.Context all over the place to avoid it possibly resetting on each network call, to no avail.

Any ideas?

I have this problem too. It is unclear what the next steps should be to fix this.

I have since moved to not using the SDK, and just using axios, and everything was smooth sailing ever since. Another reason SDKs just aren’t worth it in most cases…

URL to redirect them to the authorize page:

https://${shop}/admin/oauth/authorize?client_id=${process.env.SHOPIFY_PUBLIC_KEY}&scope=${process.env.SHOPIFY_SCOPES}&redirect_uri=${process.env.DOMAIN}${redirectPath}&state=${req.userId}|${req.query.redirect}&grant_options[]=value,

Then once that is completed they are redirected to my api’s next step and i do the following:

const { data } = await axios.post(https://${req.query.shop}/admin/oauth/access_token, {
client_id: process.env.SHOPIFY_PUBLIC_KEY,
client_secret: process.env.SHOPIFY_SECRET_KEY,
code: req.query.code,
});
And take data.access_token and store it.

How do you get the state query ? can you explain “state=${req.userId}|${req.query.redirect}”

The state query is something that shopify allows you to pass to them, and they will then pass back to you once the request is completed. It is not required. But in my case, users have the ability to auth with shopify via our app, and also discover us in the Shopify app store.

If they did it via our app, they have an account, so once they authed I needed to know who authed so as to save the auth token in our DB to the user who did it.

If they did it via Shopify, req.userId is undefined, so i would send them to our signup where they would either login or signup.

Here is what we’re doing with that req.userId

if (userId !== ‘undefined’) {
Authed via our app
Check if we are updating an expired token, or creating a new one
if (updating) {
update using req.userId
} else {
Create new row in DB using req.userId
}
auth completed, send to success page
return ${process.env.DOMAIN}/export-auth/success;
}
did this from shopify, so we need to get them to signup/login

return state: ${process.env.DOMAIN}/signup?vendor=Shopify&shop=${data.shop}&code=${data.access_token},

thank you kind sir, your comments are very informative .
so following your comments am trying to create a shopify app without the SDK,
and i have two questions if you could help me:
1- i can subscribe to shopify webhooks using axios and the POST ‘/webhooks’ route gets triggered when subscribed event happen, my question is how to get the webhook body on my route ? req.body is undefined.
2- am planning to allow only known shops to install my app, will that cause the shopify app review to fail ? didn’t try tho, still using the development store
with or without reply i want to thanks sir you already been a huge help to me.