React with AppBridge

Hey guys,

Some background on my question is in order.

We are working on a multi-marketplace web app. The subscribers of the app, after signing up, connect their marketplace accounts (Etsy, Newegg, etc.) using the auth mechanism for each marketplace to our web app. The user initiates this auth and not all users connect all marketplaces. We would like to use the same approach with Shopify, where if a user has an active Shopify account and would like to connect their Shopify account to our app, they would click a button in our app which will initiate the auth process. Once the user allows our app to access data on their behalf they will be redirected to our web app. The backend of our app will store the token for subsequent access. Per Shopify’s app review policy, OAuth has to be the first step. I am not sure how we can do this even before the user logs in to our app and we know who the user is.

I am sure we are not the only ones and this case just cannot be a unique use case. Has someone done this before? Any direction would be really appreciated.

My thanks in advance.

There is a sample app that discusses app authentication. I would start here: https://shopify.dev/apps/getting-started/build-app-example and see if this helps clear up questions about authentication.

Thanks for your response, Justin! We incorporated the OAuth tokenization flow and this is how it currently works (per the OAuth flow doc on Shopify - https://shopify.dev/apps/auth/oauth/getting-started). When one of our users clicks “Connect your Shopify Shop” in our front end, we have the user enter their shop name. We use the shop name that the user enters to generate a dynamic URL per this: https://{shop}.myshopify.com/admin/oauth/authorize?client_id={client_id}&scope={scopes}&redirect_uri={redirect_uri}&state={nonce}&grant_options[]={access_mode}

This opens up their Shopify admin page where they click on Install App. The user is then navigated back to our backend (using the redirect URL that we have configured under app settings in the partner’s dashboard) and the long-lived token is persisted in our system. Finally, our backend redirects the user’s browser to our front end. Does this sound like a good approach?

Seems like the correct approach.
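The connect flow described above builds the authorize URL from a shop name the user types and a `state` nonce. As an added example (not part of the thread and not Shopify's code), this shows one way to validate the shop name and bind the nonce to the logged-in account, so the callback can be tied back to the user who started it. The function names, the in-memory `Map`, the 10-minute lifetime and the `cfg` fields are assumptions; verifying the callback's `hmac` parameter and the token exchange are not shown.

```javascript
const { randomBytes } = require("node:crypto");

// Shop domains only; anything else typed into the form never reaches the URL.
const SHOP_RE = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/;
const STATE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a pending connect

// nonce -> { userId, shop, expires }; stand-in for a server-side session store.
const pending = new Map();

function normalizeShop(input) {
  if (typeof input !== "string") return null;
  let shop = input.trim().toLowerCase();
  if (!shop.includes(".")) shop += ".myshopify.com"; // user typed the bare name
  return SHOP_RE.test(shop) ? shop : null;
}

// Called when a logged-in user clicks "Connect your Shopify Shop".
function beginConnect(userId, shopInput, cfg, now = Date.now()) {
  const shop = normalizeShop(shopInput);
  if (!shop) throw new Error("invalid shop name");
  const nonce = randomBytes(16).toString("hex");
  pending.set(nonce, { userId, shop, expires: now + STATE_TTL_MS });
  const query = new URLSearchParams({
    client_id: cfg.clientId,
    scope: cfg.scopes,
    redirect_uri: cfg.redirectUri,
    state: nonce,
  });
  return { nonce, url: `https://${shop}/admin/oauth/authorize?${query}` };
}

// Called by the redirect_uri handler before the code is exchanged for a token.
// Returns the user and shop the token belongs to, or null to reject the callback.
function finishConnect(sessionUserId, query, now = Date.now()) {
  const entry = typeof query.state === "string" ? pending.get(query.state) : undefined;
  if (!entry) return null;
  pending.delete(query.state); // single use, even when a later check fails
  if (entry.expires < now) return null;
  if (entry.userId !== sessionUserId) return null; // started by another account
  if (normalizeShop(query.shop) !== entry.shop) return null; // shop was swapped
  return { userId: entry.userId, shop: entry.shop };
}
```

A callback that arrives without a matching pending entry, such as an install started from the Shopify admin rather than from the connect button, is rejected by `finishConnect` because no account is bound to it.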

Hey Justin and fellow developers,

I think the issue is not the OAuth flow implementation from the app but how the app is being tested when we request a review. I believe the automated process (this is just a guess) initiates installation of the app within Shopify admin by searching for the app and attempting to install it. However, this is not the expected use case for our app. In order to connect their Shopify account, our users are expected to have an account with us already and then follow a specific sequence of actions within our platform in order to connect their Shopify shop to our platform. Does this just mean our app will never be approved? How have others solved this issue? Hey Shopify support, can you guys provide some advice/help here?

Many thanks!