shopify-api-js icon indicating copy to clipboard operation
shopify-api-js copied to clipboard

Published 20 hours ago verified publisher icon Shopify

Cannot complete OAuth process. Could not find an OAuth cookie for shop url:

Open mkamalkayani opened this issue 3 years ago • 5 comments

Hi! 👋

Firstly, thanks for your work on this project! 🙂

Today I used patch-package to patch @shopify/[email protected] for the project I'm working on.

Here is the diff that solved my problem:

diff --git a/node_modules/@shopify/shopify-api/dist/auth/oauth/oauth.js b/node_modules/@shopify/shopify-api/dist/auth/oauth/oauth.js
index 719f989..544abb6 100644
--- a/node_modules/@shopify/shopify-api/dist/auth/oauth/oauth.js
+++ b/node_modules/@shopify/shopify-api/dist/auth/oauth/oauth.js
@@ -52,7 +52,7 @@ var ShopifyOAuth = {
                         cookies.set(ShopifyOAuth.SESSION_COOKIE_NAME, session.id, {
                             signed: true,
                             expires: new Date(Date.now() + 60000),
-                            sameSite: 'lax',
+                            sameSite: 'none',
                             secure: true,
                         });
                         query = {

I get this error in the oauth callback for the offline accessToken. I am doing the oauth in the top level window still I get this error. Am I doing something incorrectly or is it a bug in the library?

mkamalkayani avatar Feb 07 '22 00:02 mkamalkayani

I'm getting the same error after I started using this in my Shopify.Context.Initiliaze:

SESSION_STORAGE: new Shopify.Session.MemorySessionStorage()

When I create the session storage using redis, it works.

daviareias avatar Feb 07 '22 14:02 daviareias

I am using redis for session storage but still get this error.

mkamalkayani avatar Feb 08 '22 07:02 mkamalkayani

I found out my app bridge redirect was incorrect and hence the auth was not happening in the top level window.

The following changes fixed the issue:

const redirect = Redirect.create(app);

redirect.dispatch(Redirect.Action.REMOTE, `${window.location.origin}${authUrlHeader}?shop=${shop}` ||`/auth?shop=${shop}`);

mkamalkayani avatar Feb 11 '22 03:02 mkamalkayani

Does anyone know where I can find more about why we need a top-level window for auth to complete? It's not very clear as to why ?

gayanhewa avatar Mar 06 '22 13:03 gayanhewa

I am also confused about it in general. However, in this particular case, the library is setting a cookie vie a set-cookie header and if the window is not top level then the browser rejects the cookie because of sameSite restrictions.

mkamalkayani avatar Mar 06 '22 18:03 mkamalkayani

This issue is stale because it has been open for 90 days with no activity. It will be closed if no further action occurs in 14 days.

github-actions[bot] avatar Oct 06 '22 02:10 github-actions[bot]

We are closing this issue because it has been inactive for a few months. This probably means that it is not reproducible or it has been fixed in a newer version. If it’s an enhancement and hasn’t been taken on since it was submitted, then it seems other issues have taken priority.

If you still encounter this issue with the latest stable version, please reopen using the issue template. You can also contribute directly by submitting a pull request– see the CONTRIBUTING.md file for guidelines

Thank you!

github-actions[bot] avatar Oct 20 '22 02:10 github-actions[bot]

I'm facing the same issue can anyOne find a solution for this? My app is on Shopify CLI2.0

ali-faiz-brainx avatar Apr 26 '23 06:04 ali-faiz-brainx