I think the only thing you got wrong is the actual user flow you expect. When a user accesses your App via an URL, they do not LOGIN to your App, instead, they provide the shop name so you can initiate oAuth. That is where you made a mistake I think. If you want people to login to your App, separate from Shopify, you do that at some other URL, and take of that outside the Shopify flow.
1 Like