shopify_app: redirect_uri not used correctly

I’m “merging” shopify_app into our existing Rails project.

To avoid routing conflicts, I’m using the following routes:

scope :modules do
    scope :shopify do
      controller :shopify_sessions do
        get 'login' => :new, :as => :login
        post 'login' => :create, :as => :authenticate
        get 'auth/shopify/callback' => :callback
        get 'logout' => :destroy, :as => :logout
      end
    end
  end

This means that the login pages is accessible via localhost:3000/modules/shopify/login, and the callback from localhost:3000/modules/shopify/auth/shopify/callback

On the parther dashboard, the URL’s are changed accordingly.

The problem is that when installing the app, OmniAuth (at least I think this is the module doing it), will not add the correct direct_uri to the URL.

When installing, it will redirect to: https://mytestshop.myshopify.com/admin/oauth/authorize?client_id=<trimmed>&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fshopify%2Fcallback&response_type=code&scope=read_customers%2C+read_orders%2C+write_orders%2C+write_fulfillments&state=<trimmed>

(decoded this becomes http://localhost:3000/auth/shopify/callback)

Shopify detects that this doesn’t match with the URI specified in the parther dashboard, so it will give an error: Oauth error invalid_request: The redirect_uri is missing or not whitelisted

omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :shopify,
    ShopifyApp.configuration.api_key,
    ShopifyApp.configuration.secret,

    :scope => ShopifyApp.configuration.scope,
    :redirect_uri => ShopifyApp.configuration.redirect_uri,

    :setup => lambda {|env|
       params = Rack::Utils.parse_query(env['QUERY_STRING'])
       site_url = "https://#{params['shop']}"
       env['omniauth.strategy'].options[:client_options][:site] = site_url
    }
end

shopify_app.rb

ShopifyApp.configure do |config|
  config.api_key = "mykey"
  config.secret = "mysecret"
  config.embedded_app = true
  config.scope = 'read_customers, read_orders, write_orders, write_fulfillments'
  config.redirect_uri = 'http://localhost:3000/modules/shopify/auth/shopify/callback'
end

I cannot tell if it is a bug, or a simple misconfiguration on my part.

About this issue

  • Original URL
  • State: closed
  • Created 9 years ago
  • Comments: 18 (14 by maintainers)

Most upvoted comments

Hey, I think omniauth-shopify-oauth2 expects an option called callback_url see https://github.com/Shopify/omniauth-shopify-oauth2/blob/d4f119be212a1e259e291621f07259e956accfff/lib/omniauth/strategies/shopify.rb#L114

so in omniauth.rb it should be :callback_url => ShopifyApp.configuration.redirect_uri,

+1
wnm on Mar 8, 2016
Read more comments on GitHub
← shopify_app: raise: false in WebhookVerification breaks in Rails 4
shopify_app: Safari 13.0.4 refreshes 3 times, and returns Shopify Admin error: "The application can’t be loaded with the current version of Safari, try clearing your cookies or using another browser" →