Why is my node HMAC verification failing in OAuth flow?

Shopify Apps
1

Hi, I’m trying to verify the hmac value in my oauth flow, I’m based in this section https://shopify.dev/apps/auth/oauth/getting-started#step-7-verify-a-request, but, when I try to match the value generated with hmac, the values aren’t the same result

function verifyRequest(req, res, next) {

    const {code, shop, timestamp} = req.query

    const message = `code=${code}&shop=${shop}×tamp=${timestamp}`
    const generated_hash = crypto.createHmac('SHA256', apiSecret).update(message).digest('hex')
    if (generated_hash === req.query.hmac) {
        next()
    } else {
        const error = new Error(`The request verification is not successful`)
        error.status = 400
        error.type = 'expected'
        throw error
    }
}
2

Hello,

Can you explain a little more? where is the apiSecret coming from?

Regards,
Mritunjay
ReturnPrime

3

Hi, I have got the apiSecret and apiKey values from shopify admin dashboard, when I generated a public app as picture show, then I saved that variables in .env file

dafbuenoca_0-1653662105087.png
dafbuenoca_0-1653662105087.png466×328 40.2 KB

4

Hello Dafbuenoca,

I suggest you follow this official Shopify tutorial for the OAuth process:-
https://www.youtube.com/watch?v=D3iO4mZHgLk

Thank you

Leith

5

Hey. I’m facing the same issue, I have tried everything and can’t validate the hmac. Did you solved the problem?