Not receiving redirect URL from Shopify OAuth

Shopify Apps

Topic summary

A developer is struggling to receive the redirect URL during Shopify OAuth implementation. They initially believed Shopify automatically handles OAuth authorization when users install apps from the app store.

The Issue:

  • The developer’s server never receives callbacks with the authorization code and query parameters during OAuth
  • Screenshots show their setup, but the redirect isn’t triggering

The Solution:

  • Even for public app store apps, developers must manually redirect users to Shopify’s OAuth authorization URL: https://${shop}/admin/oauth/authorize?client_id=${client_id}&scope=${scopes}&redirect_uri=${redirectUri}&state=${nonce}
  • The redirectUri parameter should point to the developer’s server endpoint
  • Shopify then redirects back to this URL with a temporary authorization code
  • This code is used to request the access token

Resolution:
The developer confirmed the solution works and thanked the responder for clarifying the OAuth flow with relevant Shopify documentation links about implementing authorization code grant manually.

Summarized with AI on November 12. AI used: claude-sonnet-4-5-20250929.
1

Hey,

I’m trying to redirect to my server with the code and the other query parameters to save them on behalf of the user, but I’ve never gotten a hit back during OAuth. I’ve dumbed it down as much as possible and still nothing.

Help would be appreciated - thanks.

Screenshot 2024-02-05 at 6.37.12 PM.png
Screenshot 2024-02-05 at 6.37.12 PM.png656×411 30 KB

Screenshot 2024-02-05 at 6.36.53 PM.png
Screenshot 2024-02-05 at 6.36.53 PM.png493×473 17.3 KB

Screenshot 2024-02-05 at 6.36.45 PM.png
Screenshot 2024-02-05 at 6.36.45 PM.png355×103 9.59 KB

2

If I understand your question correctly, your app needs to do the redirection during installation - it does not happen automatically.

https://${shop}/admin/oauth/authorize?client_id=${client_id}&scope=${scopes}&redirect_uri=${redirectUri}&state=${nonce}

3

Thanks for the reply. So that’s what I thought at first, but when the app is public in the app store doesn’t Shopify manage all of that on their end? They click to install the app, Shopify pops up that authorize link on their end and then when it’s installed it calls my callback URL.

4

Your response works which makes sense, I just don’t understand the flow then. I figured when a user clicks on our app in the app store Shopify automatically handles the authorize link part because if it’s on me to do it where am I supposed to redirect? Hope that makes sense.

Screenshot 2024-02-06 at 3.03.36 PM.png
Screenshot 2024-02-06 at 3.03.36 PM.png121×106 4.61 KB

5

The same applies when your app is installed from the app store. You will need to redirect them to this url for installation: https://${shop}/admin/oauth/authorize?client_id=${client_id}&scope=${scopes}&redirect_uri=${redirectUri}&state=${nonce}, where redirectUri is your url, where your logic for requesting access token resides. Then, Shopify will include a temporary code as part of redirectUri during the OAuth process and redirect it, which you will use to request for access token.

These two docs elaborate this: Implement authorization code grant manually (shopify.dev) and https://shopify.dev/docs/apps/auth/get-access-tokens/authorization-code-grant

6

I’d seen the second link but not the first one that explains what you just described to me. Thank you for your time - I appreciate it!