Shopify APIs and SDKs

similar behavior in Firefox. Really annoying. Hope there will be a solution in @shopify/koa-shopify-auth soon

Hey folks, I'm following up to let you know that this is still being worked on. A lot has changed since the possible solution was proposed, and there's quite a bit of catching up. s_werk, thank you for the additional info, it sounds like Firefox also have their own ITP and should be throughly tested as well. Much appreciated 🙏

I am having a similar problem in both Safari and Chrome. I'm new to developing apps with shopify and have been using the tutorial here:

https://developers.shopify.com/tutorials/build-a-shopify-app-with-node-and-react

I've built three test apps; one on my MacBook localhost, one on a FreeBSD server, and one on an Ubuntu server.

The one on localhost, as expected, passes all trust checks and loads as expected into the Shopify interface and as seen in the tutorial.

The installs on the remote servers do not. First the warning about enabling cookies is shown, and then the app loads externally as a redirect. I attempted to implement a user-proposed solution ( https://community.shopify.com/c/Shopify-APIs-SDKs/Embedded-App-not-working-in-Safari/td-p/335934/pag... ) but it did not work. It does not seem possible with updated browsers to embed an app in the Shopify admin interface.

I wonder if this is working for anyone? Or if users are simply assuming it's their fault and disabling the browser security?

An updates on this?

Customers cannot open our app and we need support!

Hello,

Any news? This starts to impact more and more clients every day, and I cannot manage to find any workaround.

Hello everyone, thanks for your continued patience on this. It appears that there were a few underlying issues around app auth flow, and not all related to the koa-shopify-auth library, making it quite tricky to debug. A few of those issues were addressed last week, and just yesterday we were able to isolate this bug. Unfortunately the proposed solution from last year didn't seem to solve the problem, so I am looking into other solutions at the moment.

Any timeframe for the fix?

I'm having the same issue.

Same here. Chrome (MacOS) latest build

Hi everyone, thanks for chiming in with your issues. I'm still unable to reproduce the bug consistently, but I did find out that there are actuaally two issues that could cause a redirect loop.

For those who are experiencing this bug in Chrome, do you eventually get redirected back to the app listing page with an error message? Described here in point #3: https://shopify.dev/tutorials/migrate-your-app-to-support-samesite-cookies Also, what version of `koa-shopify-auth` are you using in your app?

For Safari, I'm unable to get the redirect loop at all. When I use this URL format (https://9f508623.ngrok.io/auth?shop=lee-stageten-store.myshopify.com) but replaced with my own app and shop, I actually receive an error message saying that the shop url is invalid. What do you see when installing with this url instead?  https://9f508623.ngrok.io/auth/inline?shop=lee-stageten-store.myshopify.com

Hi - has there been any movement on this? I have received a couple of complaints from users of my app. I've updated to koa-shopify-auth 3.1.58 and the issue is still happening.

koa-shopify-auth 3.1.33

koa-shopify-webhooks 1.1.12
koa-router 7.4.0
koa-session 5.12.3

Everything works fine for about month ago. Now i'm stuck with redirect loop

Okay, i've update all libs with npm update, then clean cache and install again. Now, seems like redirect issue is gone

Hi Hanna,

Thanks for the response -- our issue has always only been in Safari. Our developer investigated further using the the new URL format you provided and our original test steps. He responded with:

"If I clear cookies, go back and try exactly the same steps it fails."

Further, he performed the test in a private browsing windows and reports:

"I was able to get past the Enable cookies screen once, but the problem reappears.

"To clarify, a full cycle with login to the store and installation using the `/auth/inline` form of the URL works in a Safari private window, but not in a regular one, regardless of whether I clear all my Shopify and STAGE TEN cookies or not. I have no extensions/ad blockers etc running in Safari.

"Having installed the app successfully in the private window, if I then attempt to access it from a regular Safari window I get the same 'enable cookies' loop."

I hope this additional information helps.

This seems to be Safari Version 13.1 specific issue to me. Consistently able to reproduce on this version of Safari and looks fine.

@AvocadosLab I have Safari Version 13.0.5 (15608.5.11) and have the same issue.

Yeah, seems to be in every 13.x.x version.

Hi,

is there meanwhile a solution for this bug?

I am getting this error message each time when I access my Insta and FB app in Shopify. My product catalogue doesn't get synchronised anymore neither.