Redirect Loop in Safari

[chris8447]

I'm currently facing a redirect loop when my Shopify app starts the authentication process in Safari. Due to Safari's new policy where they block 3rd party cookies you can only get around by accessing Storage Access. Koa-Auth is already addressing this and prompts the user to accept. While this solution worked for some time it is not anymore.

Is someone else also experiencing this behavior? Can we expect any bugfix for this in the near future?

Thanks, Chris

[hrstrand]

Chris,

I am facing same issue, and there is not a clear path away from this issue from Shopify yet.

Currently, I am experimenting with

https://github.com/nprutan/shopify-cookieless-auth-demo

it seems to actually work fine, once you implement setting and getting the tokens from backend db

/peter

[chris8447]

Hi Peter, I saw it already. It replaces cookies with the session token approach.

I will try it myself and give feedback.

Chris

[skoulix]

I've implemented many solutions that exists out there including this specific package and the cookieless unofficial one you're suggesting. None worked 100% for me and it was only causing issues and headaches, endless redirects at Safari, problems with the prefix and the trailing slash (I saw this was fixed at a new release today).

Do yourselves a favor and save valuable time by implementing the new way that Shopify suggests here https://shopify.dev/tutorials/authenticate-your-app-using-session-tokens It seems difficult at first but once you grasp it everything will work like a charm. It works for Ruby apps, React or even custom Node.js ones. Actually I managed to get it working at a custom app based entirely on Nuxt.js. Let me know if anyone of you needs any help.

Evan

[avcohen]

I've implemented many solutions that exists out there including this specific package and the cookieless unofficial one you're suggesting. None worked 100% for me and it was only causing issues and headaches, endless redirects at Safari, problems with the prefix and the trailing slash (I saw this was fixed at a new release today).

Do yourselves a favor and save valuable time by implementing the new way that Shopify suggests here https://shopify.dev/tutorials/authenticate-your-app-using-session-tokens It seems difficult at first but once you grasp it everything will work like a charm. It works for Ruby apps, React or even custom Node.js ones. Actually I managed to get it working at a custom app based entirely on Nuxt.js. Let me know if anyone of you needs any help.

Evan

I'd be curious to see your implementation for the react / nuxt app — i'm working on a next.js app and started to use this repo but I believe it falls victim to these same issues.

Thanks,

A

[skoulix]

@avcohen

I can't share the source code of the app since it's a commercial one and already live at the Shopify app store. Having said that I can help you with anything you want and any queries you may have. My app is based on Vue.js and Nuxt.js but the logic is the same with your app which as far as I can tell is based on React and Next.js. I don't think the implementation differs to a great extend, different frameworks, same logic.

Please email me directly and I would be happy to assist you.

[avcohen]

@skoulix — That's mighty kind of you. I did end up finding a solid solution using this repo. Seems like a good starting point!

[skoulix]

@skoulix — That's mighty kind of you. I did end up finding a solid solution using this repo. Seems like a good starting point!

No problem. Glad you found a solution. By looking at this repo we are almost doing the same stuff. It's a linear procedure and you must follow Shopify's workflow with the handshake during app installation, getting the shop domain, access token and so on.

Happy coding :-)

[harishannam]

Disabling forceRedirect on your Provider config would prevent the looping issue but not sure what would be the side effects.

In this case, if it is unable to embed the app inside the iframe, it will redirect to open it separately.

[github-actions[bot]]

Note that this repo is no longer maintained and this issue will not be reviewed. Prefer the official JavaScript API library. If you still want to use Koa, see simple-koa-shopify-auth for a potential community solution.