I use shopify-app-template-php for the development of my application and I encountered several failed reviews without really understanding why.
The problem was that my application was not redirecting to oauth directly on each uninstallation / new installation.
It turns out that I relied on the APP_UNINSTALLED hook to delete the user's session.
php/blob/f3d8e9fe0dee30d941eea330dfb06e2f818c01b5/web/app/Lib/Handlers/AppUninstalled.php#L15
But the problem is that the hook can be called directly after uninstallation (very good) but also 5 minutes later, so if we reinstall the application and the hook has not been triggered we will have an a review error (because the application will not redirect to oauth as the session is still in database) and we will have an invalid access_token.
EnsureShopifySession throws errors on autorization headers if we use only php code and no ajax/xmlrequest
The major problem is that the session can be deleted at any time, cause of the hook delevry time
Even after the user has reinstalled the application, his session can be deleted because of the previous hook which will be triggered too late
Perhaps an enhancement of this part, could be a good point for new shopify developper.
Tested on php8.1 linux platform
The app contains only php and no modern javascript app (react, etc...)
Hello,
I use shopify-app-template-php for the development of my application and I encountered several failed reviews without really understanding why. The problem was that my application was not redirecting to oauth directly on each uninstallation / new installation.
It turns out that I relied on the APP_UNINSTALLED hook to delete the user's session. php/blob/f3d8e9fe0dee30d941eea330dfb06e2f818c01b5/web/app/Lib/Handlers/AppUninstalled.php#L15
But the problem is that the hook can be called directly after uninstallation (very good) but also 5 minutes later, so if we reinstall the application and the hook has not been triggered we will have an a review error (because the application will not redirect to oauth as the session is still in database) and we will have an invalid access_token. EnsureShopifySession throws errors on autorization headers if we use only php code and no ajax/xmlrequest
The major problem is that the session can be deleted at any time, cause of the hook delevry time
Even after the user has reinstalled the application, his session can be deleted because of the previous hook which will be triggered too late
Perhaps an enhancement of this part, could be a good point for new shopify developper.
Tested on php8.1 linux platform The app contains only php and no modern javascript app (react, etc...)
Ps : Sorry for my bad english