"must immediately authenticate after install" requirement

Topic summary

A developer’s custom Shopify app has been rejected twice for failing to meet the “must authenticate immediately after install” requirement.

The app follows Shopify’s official authorization code grant flow, redirecting users to the OAuth authorization URL. However, the rejection occurred because the tester was already logged into Shopify—they landed directly on the grant/permission screen without being prompted to log in first.

The developer is seeking clarification on:

  • How to modify their authentication flow to satisfy this requirement
  • Whether they should redirect to a different URL instead of the standard OAuth grant screen
  • How to force authentication even when users are already logged in

The issue remains unresolved, with the developer awaiting guidance on the correct implementation approach.

Summarized with AI on October 28. AI used: claude-sonnet-4-5-20250929.

We're in the process of getting our custom app approved, but we’ve been met twice with rejection due to the requirement that states “Must authenticate immediately after install”.

We had followed the authorization code grant instructions, where we redirect to the URL following the instructed template:

https://{shop}.myshopify.com/admin/oauth/authorize?client_id={client_id}&scope={scopes}&redirect_uri={redirect_uri}&state={nonce}&grant_options[]={access_mode}

However, the tester had sent a screen recording of them landing on the grant screen whilst previously logged in and was therefore not met with a login page.

Could I get some insight into how we should alter our flow so that we can meet this requirement? If the grant screen is not where we’re meant to redirect the user to, which URL should we be directing to?
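The redirect described in the post, as an added example that is not part of the original post or Shopify's own code: it fills in the quoted authorize-URL template, rejects shop values that could change the redirect host, and checks the `state` nonce on the callback. The function names, the shop-name pattern and all sample values are assumptions made for illustration.

```python
import hmac
import re
import secrets
from urllib.parse import urlencode

# Assumption: a shop name is lowercase letters, digits and hyphens only.
# Anything else (dots, slashes, "@") could change the host we redirect to.
SHOP_RE = re.compile(r"[a-z0-9][a-z0-9-]*")


def build_authorize_url(shop, client_id, scopes, redirect_uri, access_mode=""):
    """Fill in the template from the post; return (url, nonce)."""
    if not SHOP_RE.fullmatch(shop):
        raise ValueError("invalid shop name")
    nonce = secrets.token_urlsafe(32)  # unguessable value for the state parameter
    params = [
        ("client_id", client_id),
        ("scope", scopes),
        ("redirect_uri", redirect_uri),
        ("state", nonce),
    ]
    if access_mode:
        params.append(("grant_options[]", access_mode))
    query = urlencode(params)  # percent-encodes every value
    return f"https://{shop}.myshopify.com/admin/oauth/authorize?{query}", nonce


def state_matches(stored_nonce, returned_state):
    """Compare the nonce kept server-side with the state on the callback."""
    if not stored_nonce or not returned_state:
        return False
    return hmac.compare_digest(stored_nonce.encode(), returned_state.encode())


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    url, nonce = build_authorize_url(
        "example-shop", "constructed-client-id", "read_products",
        "https://app.example/callback", "per-user",
    )
    print(url)
    print(state_matches(nonce, nonce))       # callback echoing our nonce
    print(state_matches(nonce, "tampered"))  # callback with a foreign state
```

The nonce has to be stored server-side (for example in the session) between the redirect and the callback so that `state_matches` has something to compare against.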