koa-shopify-auth icon indicating copy to clipboard operation
koa-shopify-auth copied to clipboard
verified publisher icon Shopify

Redirect loop

Open aurelienbobenrieth opened this issue 6 years ago • 18 comments

Hello everyone,

Overview

I am having an issue with this package @shopify/koa-shopify-auth with my app (Next.js + Node).

On Chrome when you disable 3rd party cookies, when you try to access (install or use) an embedded Shopify app there will be an infinite redirect loop between the app and /auth/enable_cookies.

I tried to explore a bit the module and it seems that there already is some code in it present to handle that sort of things, but it does not seem to work for me. And as far as I searched around the internet, I saw some other people struggling with this as well without any concluent solution.

Steps to reproduce

  • Open Chrome
  • Disable 3rd part cookies
  • Try to use an embedded Shopify App

Thank you !

aurelienbobenrieth avatar Jul 15 '19 11:07 aurelienbobenrieth

Having the same problem and haven't been able to debug. Any update on this issue?

sgerrard avatar Aug 05 '19 06:08 sgerrard

Having the same. It works in Safari but not in Chrome.

baorv avatar Aug 07 '19 10:08 baorv

Same here Shopify. It's a major cause for frustration on behalf of our users. Could someone from the Shopify team have a look and say if a solution is in reach? Thanks

eyal0s avatar Aug 11 '19 05:08 eyal0s

The problems seems to be in the verifyRequest function. If you remove it, then the demo seems to work. I don't know what the repercussions are and haven't dug into the function itself, but this will unblock the demo.

sgerrard avatar Aug 19 '19 04:08 sgerrard

I changed /auth to /auth/inline and worked perfectly.

image

baorv avatar Aug 21 '19 07:08 baorv

@baorv App URL should be / not /auth nor /auth/inline and changing it to /auth/inline ends up in a "Request origin could not be verified" from Shopify Admin App view.

aurelienbobenrieth avatar Aug 23 '19 13:08 aurelienbobenrieth

Having the same. It works in Safari but not in Chrome.

Same thing for me. It seems the 3rd party cookies is mandatory. I think it is reasonable since the cookies from MY_APP_SERVER will be used in myshopify.com, they are different domains

luongnv89 avatar Sep 04 '19 08:09 luongnv89

@baorv App URL should be / not /auth nor /auth/inline and changing it to /auth/inline ends up in a "Request origin could not be verified" from Shopify Admin App view.

It's the same for me, I'm experiencing this on Safari and Chrome. Not on Firefox for some resons. Anyway, either I can redirect correctly (Firefox) or I can verify the request-origin.

Any solutions so far?

mvhirsch avatar Sep 05 '19 13:09 mvhirsch

I'm experiencing the issue also. Any updates on this?

AllanFerencz avatar Nov 21 '19 01:11 AllanFerencz

any updates?

felipeloha avatar May 28 '21 06:05 felipeloha

@felipeloha If you update your app (and packages) to use the new Shopify session based authentication system it should work fine now !

aurelienbobenrieth avatar May 28 '21 07:05 aurelienbobenrieth

@aurelienbobenrieth with fine you mean that I can enter URL/auth/line as the app url?

my problem is that I have an aws api gateway in the form URL/mystage and my endpoint is URL/mystage/auth. and somehow when I enter URL/mystage as the app url, it doesnt work. it redirects me to URL/auth/inline and should redirect to URL/mystage/auth/inline

felipeloha avatar May 28 '21 08:05 felipeloha

Did you try to add a prefix to your conf ? See here : https://github.com/Shopify/koa-shopify-auth/#shopifyauth

aurelienbobenrieth avatar May 28 '21 09:05 aurelienbobenrieth

@aurelienbobenrieth no we did not. will try it out. thank you very much

felipeloha avatar May 28 '21 09:05 felipeloha

Regrettably, I'm still bumping into this issue. It seems to still be at the verifyRequest function.

I'm using the cookieless v 5.0.3 but still getting the loop-of-doom. Any more recent solutions?

Daniel-Nordby avatar Jun 01 '22 19:06 Daniel-Nordby

Started having this issue with embedded app all of a sudden. Works fine in Firefox and when the app url is not accessed from the shopify embed iframe. Anyone have any ideas??

@Daniel-Nordby Were you able to figure it out?

towfiqi avatar Jul 22 '22 13:07 towfiqi

@Daniel-Nordby Were you able to figure it out?

@towfiqi - Not definitively, in that I cannot point to one thing that seemed to solve the problem.

That said, I the following packages to the indicated versions:

  • @shopify/app-bridge-react: "^3.1.1"
  • @shopify/app-bridge-utils: "^3.1.1"

Along with "@shopify/koa-shopify-auth": "^5.0.3" this cleared up most of the cases.

I also updated some of the route logic. I moved from:

router.get(
    "(.*)",
    verifyRequest({
      accessMode: "offline",
      fallbackRoute: "/",
    }),
    handleRequest
  );

to

router.get("/products", handleNavigation);

const handleNavigation = async (ctx: any) => {
    verifyRequest({ accessMode: "offline", fallbackRoute: "/" });
    await handleRequest(ctx);
};

I absolutely cannot tell you why this had an effect, but between bumping the packages and handling the routes this way I got rid of the issue.

Daniel-Nordby avatar Jul 22 '22 17:07 Daniel-Nordby

@Daniel-Nordby Thanks so much taking the time to reply. Really appreciate it. I am already using the latest packages as you are. I will try rewriting the route and see if that changes anything.

towfiqi avatar Jul 22 '22 17:07 towfiqi

Note that this repo is no longer maintained and this issue will not be reviewed. Prefer the official JavaScript API library. If you still want to use Koa, see simple-koa-shopify-auth for a potential community solution.

github-actions[bot] avatar Jan 30 '23 20:01 github-actions[bot]