gnikyt / laravel-shopify

A full-featured Laravel package for aiding in Shopify App development
MIT License
1.24k stars 374 forks

App must verify the authenticity of the request from Shopify. #1073

Closed somin-parate closed 2 years ago

somin-parate commented 2 years ago

For bug reporting only! If you're posting a feature request or discussion, please ignore.

While submitting the app we are having these 2 issues

Expected Behavior

https://prnt.sc/26ng19g

Please describe the behavior you are expecting.

Current Behavior

Please describe the current behavior?

Failure Information

Please help provide information about the failure if this is a bug.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. Step 1
  2. Step 2
  3. ...

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

Failure Logs

Please include any relevant log snippets or files here.

Kyon147 commented 2 years ago

The first requests look correct for me (this is triggering it from the partner dash but same sort of thing). There is an auth/token request but that's to get a token to be able to install.

Can you provide more detail on your setup with your routes etc.?

somin-parate commented 2 years ago

@Kyon147 Yes, so when we are trying, it's allowing me to do everything. I tried to install that multiple times and it's working perfectly, but still they are sending me the same https://wishlist.partners.gemfind.com/login here is my instance where you can check

Kyon147 commented 2 years ago

Following the routes via a redirect tracking tool - I don't see /authenticate/token in the flow at all - the only one is when it lands on /authenticate and then going to /oauth/authorize.

Kyon147 commented 2 years ago

> @Kyon147 Yes, so when we are trying, it's allowing me to do everything. I tried to install that multiple times and it's working perfectly, but still they are sending me the same https://wishlist.partners.gemfind.com/login here is my instance where you can check

Question, have you manually added the login page back into your application? As this view was removed a while back.

somin-parate commented 2 years ago

Yes, I added that manually, otherwise if we try to open that page it gives me a shop domain error.

Kyon147 commented 2 years ago

Yeah, I don't see the auth/token directly but I do see the authenticate route.

I'll need to do a little more digging and I'll tag @osiset as he knows the auth flow a lot better than me.

somin-parate commented 2 years ago

Please check my video, as mentioned, for each step of the routing we are following https://watch.screencastify.com/v/Ugt28T0xmltwPKJnJNVI

somin-parate commented 2 years ago

@Kyon147 is there any idea after looking at the video?

Kyon147 commented 2 years ago

I've had a look but I don't see it. As I said, Tyler would know more but the authentication in the wiki does mention that an auth/token happens. https://github.com/osiset/laravel-shopify/wiki/Authentication-Process

So I'd need to step through all the code properly on my debugger to get a better idea.

Otherwise, if this is a requirements blocker - we'd need to change the auth flow but again not an expert on that part as I've not really looked at it since we moved to JWT Token so would need to do more digging as I mentioned.

EDIT: I would also probably speak to Shopify and ask them for further guidance. I assume they are being super strict to protect their users, making sure that nothing happens between the user clicking add app and the OAuth screen to reduce the chances of any malicious code being able to run.

somin-parate commented 2 years ago

@Kyon147 Thanks for the info, but yes, it's working the same as mentioned, in that it's passing with the above route

Kyon147 commented 2 years ago

@somin-parate - I've created a new PR which avoids the full page redirect and does seem to keep the package running as normal. Just need @osiset to take a look and merge into master if he's happy.

It might not be "enough" for Shopify but it's worth pushing back to them and trying to see what else is needed but technically, that does no redirect, it just goes straight to OAUTH now.

gnikyt commented 2 years ago

I'll make some time Friday morning, sorry guys, I'm still full-tilt on work and external issues! Appreciate it!

On Wed., Feb. 16, 2022, 12:50 Luke Walsh, @.***> wrote:

> @somin-parate - I've created a new PR which avoids the full page redirect and does seem to keep the package running as normal. Just need @osiset to take a look and merge into master if he's happy.

ugurmuslim commented 2 years ago

For bug reporting only! If you're posting a feature request or discussion, please ignore.

While submitting the app we are having these 2 issues

Expected Behavior

https://prnt.sc/26ng19g

Please describe the behavior you are expecting.

Current Behavior

Please describe the current behavior?

Failure Information

Please help provide information about the failure if this is a bug.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. Step 1
  2. Step 2
  3. ...

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

  • Package Version: 17.1
  • Laravel Version: 7.2
  • PHP Version: 7
  • Using a toolset (Docker, Laradock, Vagrant, etc.):

Failure Logs

Please include any relevant log snippets or files here.

Hi @somin-parate have you solved this problem?

ugurmuslim commented 2 years ago

I figured out the problem. Actually the app is not broken. The problem is not with the install but with the reinstall.

When the shop is being installed for the first time there is not a problem, but if you delete the app and install it again, because the app finds it in the database, it tries to find a token etc.

To solve this problem you must subscribe to the APP_UNINSTALL Webhook. This is not the same thing as GDPR Shop_Redact.

When this webhook calls you, if you delete the shop, on the next install for the same shop you won't get this problem.

baristinaz commented 2 years ago

> I figured out the problem. Actually the app is not broken. The problem is not with the install but with the reinstall.
>
> When the shop is being installed for the first time there is not a problem, but if you delete the app and install it again, because the app finds it in the database, it tries to find a token etc.
>
> To solve this problem you must subscribe to the APP_UNINSTALL Webhook. This is not the same thing as GDPR Shop_Redact.
>
> When this webhook calls you, if you delete the shop, on the next install for the same shop you won't get this problem.

How did you figure it out? Did you create a new command and then assign the hook to the new one? Or there is a method named "softDelete", did you customize this method?

Kyon147 commented 2 years ago

@baristinaz - the uninstall webhook is all detailed in the wiki - please give it a read.

https://github.com/osiset/laravel-shopify/wiki/Installation#uninstalled-job-recommended
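
Added example (not part of the thread and not the package's own code): a framework-free PHP sketch of what an uninstall webhook endpoint has to do for the fix discussed above, namely verify Shopify's `X-Shopify-Hmac-Sha256` signature over the raw body before acting, then remove the stored shop so a reinstall starts a fresh OAuth grant. The secret, the handler name, the in-memory `$shops` array and the sample payload are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: placeholder secret; a real app reads its Shopify API secret from configuration.
const APP_SECRET = 'constructed-example-secret';

/** Shopify signs the raw request body with HMAC-SHA256 and sends it base64-encoded. */
function isAuthenticWebhook(string $rawBody, ?string $hmacHeader, string $secret): bool
{
    if ($hmacHeader === null || $hmacHeader === '') {
        return false; // unsigned requests are never trusted
    }
    $expected = base64_encode(hash_hmac('sha256', $rawBody, $secret, true));
    return hash_equals($expected, $hmacHeader); // constant-time comparison
}

/**
 * Hypothetical handler: returns the HTTP status to send back.
 * $shops stands in for the app's shop table (domain => stored token).
 */
function handleAppUninstalled(array &$shops, array $headers, string $rawBody): int
{
    if (!isAuthenticWebhook($rawBody, $headers['X-Shopify-Hmac-Sha256'] ?? null, APP_SECRET)) {
        return 401;
    }
    if (($headers['X-Shopify-Topic'] ?? '') !== 'app/uninstalled') {
        return 400;
    }
    // Remove the stale record so the next install does not reuse an old token.
    unset($shops[$headers['X-Shopify-Shop-Domain'] ?? '']);
    return 200;
}

// Constructed sample data, not taken from a real shop.
$shops = ['example-shop.myshopify.com' => 'stale-offline-token'];
$body = '{"id":1,"domain":"example-shop.myshopify.com"}';
$headers = [
    'X-Shopify-Topic' => 'app/uninstalled',
    'X-Shopify-Shop-Domain' => 'example-shop.myshopify.com',
    'X-Shopify-Hmac-Sha256' => base64_encode(hash_hmac('sha256', $body, APP_SECRET, true)),
];

$forged = $headers;
$forged['X-Shopify-Hmac-Sha256'] = base64_encode('not-a-valid-signature');
var_dump(handleAppUninstalled($shops, $forged, $body));  // request with a forged signature
var_dump(handleAppUninstalled($shops, $headers, $body)); // request with a valid signature
var_dump(isset($shops['example-shop.myshopify.com']));   // whether the shop record remains
```

The signature must be computed over the unparsed request body; re-encoding the decoded JSON changes the bytes and makes valid webhooks fail verification.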