Problems with authentication with remix template non-embedded app

Technical Q&A

Topic summary

A developer is encountering OAuth authentication errors when deploying a non-embedded Shopify Remix app to production, despite it working correctly in local development mode.

The Problem:

  • Local dev (npm run dev): Authentication works automatically
  • Production (npm run build): Returns “No route matches URL ‘/admin/oauth/authorize’” error
  • The app needs to retrieve offline access tokens and shop data via GraphQL before redirecting users to a third-party site

Suggested Solution:
A community member recommended:

  • Verify auth route files exist: app/routes/auth.tsx and app/routes/auth/callback.tsx
  • Confirm production environment variables are correctly set (SHOPIFY_API_KEY, SHOPIFY_API_SECRET, SHOPIFY_SCOPES, SHOPIFY_APP_URL)
  • Ensure hosting configuration properly routes /admin/oauth/* requests to Remix
  • Test the /auth endpoint directly in production

Current Status:
The original poster is implementing the suggested fixes and has follow-up questions about the existing auth.$.jsx file in the template and how to handle shop/hmac query parameters. The discussion remains ongoing with unresolved implementation details.

Note: An unrelated payment dispute comment appears at the end but is not connected to the technical discussion.

Summarized with AI on October 28. AI used: claude-sonnet-4-5-20250929.
1

Hello everyone, I’m currently building a non-embedded app for my company using the remix template.

What the app will do is, prompt the user to install the app, afterwards the app would be redirected offsite.

Before redirecting, I would retrieve the offline access token and use GraphQL to extract some information to be forwarded to the third-party site using the admin object like so:

const { admin, session } = await authenticate.admin(request);
const query = await admin.graphql(`
      {
      shop {
        url
      }
    }`);

//...

Now, the kicker is when I’m running my project locally (npm run dev), everything is fine, authentication and authorization is done by the Shopify Library, no additional code needed. However, when I tried to use my app in production (npm run build and hosted it), it suddenly says:

"Error: No route matches URL “/admin/oauth/authorize”.

I tried to implement this route by passing the previous request and use it as a parameter for

authenticate.admin. However, it now states:
“[shopify-app/INFO] Could not find a shop, can’t authenticate request”.

I’m actually quite confused why in dev mode I have no such problems, but when in production mode, I would need to implement the auth logic myself.

I need some guidance on what to implement for the “/admin/oauth/authorize” route and how to continue proceeding forward with the app.

Thanks in advance for the help!

2

Hello @jeremyLiu97418

This “No route matches URL /admin/oauth/authorize” error just means your production Remix build isn’t exposing the same auth endpoints that the Shopify library wires up for you in dev. In dev mode the Shopify Remix template auto-generates those routes, but once you do npm run build you need to actually have matching files in your app/routes folder (and the right env vars) so Remix can serve them.

Here’s a quick checklist to get your OAuth flow working in Production:

1. Add the auth route files
In your Remix app, make sure you have these files (matching Shopify’s template exactly):

bash
app/routes/auth.tsx
app/routes/auth/callback.tsx

  • auth.tsx kicks off the redirect to /admin/oauth/authorize
  • auth/callback.tsx handles the shop & hmac query params and calls authenticate.admin

2. Double-check your env vars
In production you must have:

kotlin

SHOPIFY_API_KEY
SHOPIFY_API_SECRET
SHOPIFY_SCOPES
SHOPIFY_APP_URL ← this must exactly match the App URL in your Partner Dashboard

If SHOPIFY_APP_URL is wrong, Shopify’s redirect URI check will fail.

3. Ensure your hosting adapter passes through /admin/oauth/authorize
If you’re running behind a reverse proxy or a serverless function, make sure any wildcard (/) or API route config includes /admin/oauth/ so Remix actually sees that request.

4. Test your /auth route directly
Hit https://your-app.com/auth?shop=my-shop.myshopify.com in production. You should get a 302 redirect to Shopify’s oauth URL. If you still get “no route,” Remix isn’t seeing your auth.tsx.

Once those files exist and your host is forwarding those paths, your production OAuth flow will mirror dev.

1 Like
3

Thank you so much for your speedy reply @Kudosi-Carlos ! I will definitely test out what you’ve mentioned now.

4

Hello @Kudosi-Carlos

So, a few small questions

  1. For implementing app/routes/auth.tsx, the remix template already includes an auth.$.jsx, do I still have to implement this route?

  2. For implementing app/routes/auth/callback.tsx, what do you mean by handling the shop & hmac query params exactly?

Again, many thanks !

5

I fixed this issue. The main issue here was ShopURL. Our deal was for $500. After fixing these issues, he will pay me. But when I sent him the code, he said he won’t give me USD. He will give me HKD. This is a big scam.

appaza_0-1747631012737.png
appaza_0-1747631012737.png1742×588 59.1 KB