Can't configure customer accounts authentication

Zeeper · January 22, 2026, 1:18pm

Subject: Shopify Customer Accounts OAuth — works in dev, but fails in prod with “Verkeerde redirect_uri” (localhost)

Hello!
I need help with Shopify Customer Accounts authorization using scope customer-account-mcp-api:full in a Shopify app.

Context

Shopify app + theme app extension (chat widget on storefront)
Authorization via Shopify Customer Accounts OAuth (PKCE with code_challenge, S256)
Callback path on backend: /auth/callback
Dev environment: local (localhost, port 3458)
Prod environment: app deployed on Fly (public .fly.dev domain)

Problem

Everything works correctly on the dev store:

Customer logs in
Redirect back to /auth/callback succeeds
Authorization is successful
Customer tools (e.g. order status in chat) work as expected

However, on the production store, authorization fails.

During login, Shopify redirects to the OAuth authorize endpoint, but the request still contains:

redirect_uri = https://localhost:3458/auth/callback

Shopify then shows the error (in Dutch):

Er is iets misgegaan
Verkeerde redirect_uri

So effectively, in prod Shopify is rejecting localhost as redirect URI.

What I already tried

Updated frontend chat config (chat.js) to use the Fly production domain for:
- stream endpoint
- history endpoint
- token status endpoint
Updated backend environment variables:
- REDIRECT_URL is set to the Fly domain /auth/callback
In shopify.app.toml, I have explicitly configured multiple redirect URLs, including:
- /auth/callback
- /auth/shopify/callback
- /api/auth/callback
  (all pointing to the Fly production domain)
App permissions are fully granted during install.
App configuration in Shopify Admin is completed.
Customer Accounts are enabled and moved to the subdomain-based auth flow.

Result

Despite all of the above:

OAuth request in prod still uses localhost
Shopify rejects it
LLM / agent cannot generate a valid authorization link

Question

What could still be forcing redirect_uri to localhost in production?

Is there:

a hidden default in Shopify CLI?
a required deploy/sync step for redirect URIs?
a common Fly.io / environment variable pitfall?
something specific to Customer Accounts MCP auth that I’m missing?

Any guidance would be greatly appreciated. Thank you!

Zeeper · January 22, 2026, 1:52pm

Sorry, I didn’t express myself correctly in the main problem. The main problem is not that localhost remains registered somewhere, but that if I change it to my App address, all account services simply stop working, both on DEV and on PROD

Topic		Replies	Views
Shopify app oauth redirect_uri incorrect format after deployed on fly.io Authentication troubleshooting	2	70	July 17, 2023
The error was: "redirect_uri" mismatch when trying to access /account Store Design troubleshooting	1	366	June 22, 2024
Deployed App and Invalid oAuth Redirect URL Shopify Apps shopify-apps	0	49	August 21, 2023
Oauth error invalid_request: The redirect_uri is not whitelisted Shopify Apps	6	670	September 8, 2022
Customer Account API on Hydrogen 2024.1, wrong redirect on oauth/authorize Technical Q&A javascript	1	167	December 24, 2024