gnikyt / laravel-shopify

A full-featured Laravel package for aiding in Shopify App development
MIT License
1.24k stars 374 forks source link

Unable to verify signature. #854

Closed brucelee90 closed 3 years ago

brucelee90 commented 3 years ago

I created a new API key for my app. I set the new API within my .env file. Now if I want to reinstall the app again on my development store, the app URL gets redirected to:

https://app-name.test/?hmac=735d3606aa1b71e5f2c0e83256c8b3c2d148f8028f542ec829e8ebe61c4df970&host=bDQtc2FtcGxlLWFwcC5teXNob3BpZnkuY29tL2FkbWlu&locale=de&new_design_language=true&session=2d9564ec870bc29b15c6d278227092caef70741fb57989331b6229c9329b0be8&shop=l4-sample-app.myshopify.com&timestamp=1625085184

This always leads to an error message saying:

Unable to verify signature.

what causes this issue? where is the hmac coming from?

mhodge commented 3 years ago

I had a similar issue where the APP_URL and the Shopify keys were all correct and I was getting this error, it turns out the issue was relating to the nginx config I had which was perofrming the following: try_files $uri $uri/ /index.php?q=$uri&$args; This added the q parameter to the query string and when the hmac is trying to verify it does not because the nginx has added the extra param

I updated the nginx setting to the following: try_files $uri $uri/ /index.php?$query_string;

Thereafter its not adding the q= param which throws out the hmac validation.

Tips

  1. Check your APP_URL
  2. Check your SHOPIFY_API_KEY
  3. Check your SHOPIFY_API_SECRET
  4. Check your nginx (if you running it)
gnikyt commented 3 years ago

@brucelee90 Does the info above help at all?

brucelee90 commented 3 years ago

I've had issues with my local installation and nginx, so unfortunately I wasn't able to reproduce this issue. I will try it as soon as these issues are solved. Thank you for your replies!

brucelee90 commented 3 years ago

Ok, so I just tried to edit my nginx.conf at /usr/local/etc/nginx, I was looking for any property like try_files $uri $uri/ /index.php?q=$uri&$args, but couldn't find anything like try_files, which I could replace.

I tried to paste into http anyway and got an error message after restarting the nginx.

Not sure where to edit the nginx.conf now

mhodge commented 3 years ago

@brucelee90 you can use "nginx -T | grep try_files" on the server where your nginx is installed to look for the try_files line in the combined configuration output by using nginx -T piped through grep to look for what you need.

I presume you double checked points 1,2,3 which is why you are focusing on 4 as per my tips above?

When you do find the try_files declaration using the command I gave you can then either pipe the "nginx -T > output.txt" to a file and look in that file for the try_files which will enable you to see the file the line is being loaded in.

brucelee90 commented 3 years ago

I will close this issue now since I cannot reproduce it right now anymore.