Redirect to /login page triggers ShopifyAPI::Errors::MissingJwtTokenError

[elioncho]

Issue summary

Before opening this issue, I have:

• [x] Upgraded to the latest version of the package
  • shopify_app version: 22.2.1
  • Ruby version: 3.3.0
  • Operating system: MacOS Catalina
• [x] Set log_level: :debug in my configuration, if applicable
• [x] Found a reliable way to reproduce the problem that indicates it's a problem with the package
• [x] Looked for similar issues in this repository
• [x] Checked that this isn't an issue with a Shopify API
  • If it is, please create a post in the Shopify community forums or report it to Shopify Partner Support

When the user tries to open a URL without the shop param, the app attempts to redirect the user to the login page, but then a MissingJwtTokenError is triggered. I am using the token_exchange configuration. All my controllers are a subclass of AuthenticatedController.

authenticated_controller

class AuthenticatedController < ApplicationController
  include ShopifyApp::EnsureHasSession
  include ShopifyApp::EnsureAuthenticatedLinks
...
..
.
end

home_controller is my root path

class HomeController < AuthenticatedController
  def index; end
end

Expected behavior

The login page should be rendered

Actual behavior

ShopifyAPI::Errors::MissingJwtTokenError is raised and the login page is not rendered.

Steps to reproduce the problem

1. Open a URL on your app without the shop param on it
2. The application does a redirect_to the login_page
3. ShopifyAPI::Errors::MissingJwtTokenError is raised and the login page is not rendered.

Debug logs

See that the redirect to the login page is made but then a MissingJwtTokenError error is triggered

11:44:30 web.1   | Started GET "/shops/add_to_cart_and_checkout_buttons/edit" for ::1 at 2024-06-18 11:44:30 -0500
11:44:30 web.1   | source=rack-timeout id=9cff466b-75e1-4451-9789-c6017615c85e timeout=15000ms service=1ms state=active
11:44:30 web.1   |   ActiveRecord::SchemaMigration Load (0.5ms)  SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
11:44:30 web.1   | Processing by Shops::AddToCartAndCheckoutButtonsController#edit as HTML
11:44:30 web.1   | [ ShopifyApp | DEBUG | Shop Not Found ] Responding to invalid Shopify ID token: Missing Shopify ID Token
11:44:30 web.1   | [ ShopifyApp | DEBUG | Shop Not Found ] Redirecting to embed app in admin
11:44:30 web.1   | Redirected to http://localhost:3000/login
11:44:30 web.1   | [ ShopifyApp | DEBUG | Shop Not Found ] Deactivating session
11:44:30 web.1   | Completed 302 Found in 20ms (ActiveRecord: 0.0ms | Allocations: 3554)
11:44:30 web.1   | 
11:44:30 web.1   | 
11:44:30 web.1   |   
11:44:30 web.1   | ShopifyAPI::Errors::MissingJwtTokenError (Missing Shopify ID Token):
11:44:30 web.1   |   
11:44:30 web.1   | shopify_api (14.3.0) lib/shopify_api/utils/session_utils.rb:46:in `session_id_from_shopify_id_token'

[zzooeeyy]

Hey @elioncho,

Looks like it's redirecting to your login path - http://localhost:3000/login , However, the shopify_app should redirect you to ShopifyApp.configuration.login_url, which in most cases SHOULD be http://localhost:3000/api/auth and SHOULD route you to ShopifyApp::SessionController to 'login'...

---

Can you tell me what your ShopifyApp.configuration.login_url set to? I'm wondering if you're routing it to a /login controller that is using a AuthenticatedController..

[elioncho]

ShopifyApp.configuration.login_url

returns

"/login"

But I am not setting up the login_url anywhere. Isn't login the default path?

Every route that I open without the shop param triggers the same error.

[elioncho]

This PR was opened to fix the issue: https://github.com/Shopify/shopify_app/pull/1868

[netwire88]

@zzooeeyy What should login_url be set to? Same with @elioncho , we don't customize login_url in shopify_app.rb, so the default is returned:

ShopifyApp.configuration.login_url
=> "/login"

We are unable to use EnsureAuthenticatedLinks since return_to returns nil