Shopify_app: Shopify Omniauth not getting the Request parameters

Created on 6 Sep 2017  路  17Comments  路  Source: Shopify/shopify_app

Using the Shopify App 8.1.0 gem to fire up a Rails 5.1.3 App and when trying to authenticate, it gets refused on a cryptic looking problem with an Invalid Site error. Anyone ever see this? What is usually the cause of that? Looking through OmniAuth Shopify strategy shows the request being processed is pretty much NIL... not sure why. No GET params and of course there is no valid site.

Seems to be connected to commit: b3dc3d9b67c8851526d492c8872b2b30503bf490

Started GET "/login?shop=swift-braun3430.myshopify.com" for 127.0.0.1 at 2017-09-06 08:38:48 -0400
Processing by ShopifyApp::SessionsController#new as HTML
Parameters: {"shop"=>"swift-braun3430.myshopify.com"}
Rendering inline template
Rendered inline template (0.3ms)
Completed 200 OK in 2ms (Views: 0.7ms | Models: 0.0ms)

Started GET "/auth/shopify" for 127.0.0.1 at 2017-09-06 08:38:48 -0400
I, [2017-09-06T08:53:19.504631 #78285]  INFO -- omniauth: (shopify) Set up endpoint detected, running now.
I, [2017-09-06T08:53:19.504727 #78285]  INFO -- omniauth: (shopify) Request phase initiated.
E, [2017-09-06T08:53:19.505025 #78285] ERROR -- omniauth: (shopify) Authentication failure! invalid_site encountered.
OmniAuth::Error (invalid_site):

omniauth (1.6.1) lib/omniauth/failure_endpoint.rb:25:in `raise_out!'
omniauth (1.6.1) lib/omniauth/failure_endpoint.rb:20:in `call'
omniauth (1.6.1) lib/omniauth/failure_endpoint.rb:12:in `call'
omniauth (1.6.1) lib/omniauth/strategy.rb:478:in `fail!'
omniauth-shopify-oauth2 (1.2.0) lib/omniauth/strategies/shopify.rb:105:in `request_phase'

A session dump shows:

locale: "en"
omniauth.origin: "https://sport-haley.dev/login?shop=swift-braun3430.myshopify.com"
omniauth.params: {}
return_to: "/"
session_id: "d9f7120cfa71f26b374162ee24798427"
shopify.omniauth_params: {"shop"=>"swift-braun3430.myshopify.com"}

So I hacked the Shopify App gem in the Sessions Controller, and under the authenticate method, I hacked on the shop parameter... so this is super cheesy and should not be happening right?

def authenticate
  if sanitized_shop_name.present?
    session['shopify.omniauth_params'] = { shop: sanitized_shop_name }

Here be dragons... the redirect does not contain the shop name unless I tack it on? PorKayWha?

    fullpage_redirect_to "#{main_app.root_path}auth/shopify?shop=#{sanitized_shop_name}"
  else
    redirect_to return_address
  end
end

Most helpful comment

dude - this is a breaking change for anyone who types 'bundle update'. There should be more visible notes than just on this ticket. Thanks for adding the note to the changelog -- it helps. But for something like this, adding a note to the readme might be appropriate. That's the first place I looked.

In general, when you release a breaking change for someone upgrading from older versions of the gem please take extra steps if you can to make sure our apps don't stop working!

On the other side of this -- overall it's a really nice integration and the app itself is really helpful. Don't want my complaining to overshadow that good work!

All 17 comments

We're storing the shop in the session now and not a url param so it shouldn't need to be included in the redirect url. Is your omniauth initializer the same as in my commit? Can you put a debugger in the omniauth provider and see if maybe the session is not being set correctly.

I took your Omniauth code that uses the session, and now the App works.. lost a few hours dicking around till I stumbled into that... serves me right for not noticing the change from 8.0 to 8.1... subtle!

Sorry about that! Did you generate before bumping to 8.1.0?

I meant to add a note to the changelog about this. I will do so now.

I rarely use the generators due to my predilection for just doing things... so no.. I missed whatever it is the generators would've done... hence this bork in the road... nonetheless, I am running stock 8.1 and Rails 5.1.3 with Ruby 2.4.1 and it seems to all work...

Sorry for the extra fuss! Glad its working now.

Can you tell me what generator will fix the issue?

Have a look at the example app for what the omniauth.rb file should look like.

dude - this is a breaking change for anyone who types 'bundle update'. There should be more visible notes than just on this ticket. Thanks for adding the note to the changelog -- it helps. But for something like this, adding a note to the readme might be appropriate. That's the first place I looked.

In general, when you release a breaking change for someone upgrading from older versions of the gem please take extra steps if you can to make sure our apps don't stop working!

On the other side of this -- overall it's a really nice integration and the app itself is really helpful. Don't want my complaining to overshadow that good work!

This was done in a major version bump because of those breaking changes... If you're going to run a global bundle update you need to thoroughly test afterwards.

Is there anything else that needs to be done for nested Oauth routes? It looks like the documentation for that section applies to the old setup.

I am mounting the engine at /session. The install seemed to work but now I'm getting the following error when trying to access the app:

The application cannot be loaded, please check that your browser allows third party cookies

I have copied the new omniauth.rb example file. (rails 5.1.4, shopify_app 8.2.2)

@dansundy that sounds like a new issue. Can you please open one along with a repo that reproduces the problem.

False alarm, sorry @kevinhughes27. I didn't copy over the callback_path: value from the old config.

For anyone else that's wondering, you need to define that in addition to the new setup: lambda.

I'm getting the same error
I'm trying to run the example app, I follow all instructions showing here: https://github.com/Shopify/shopify_app/tree/master/example
After I start Rails server I can access the app to enter my shop domain: http://prntscr.com/k2rg1z
But when I click on "Install" it redirects me to another page and display the error: http://prntscr.com/k2rgvh

Can someone give me a solution for the issue?

Thanks

I'm getting the same error
I'm trying to run the example app, I follow all instructions showing here: https://github.com/Shopify/shopify_app/tree/master/example
After I start Rails server I can access the app to enter my shop domain: http://prntscr.com/k2rg1z
But when I click on "Install" it redirects me to another page and display the error: http://prntscr.com/k2rgvh

I am getting exactly the same problem. Can someone please help to solve this?
Thanks in advance!

I suspect the example app is out of date. I'd recommend following the installation instructions here on a new rails app: https://github.com/Shopify/shopify_app#installation

@yourbestcode @ice-lenor Please try latest master as I fixed some issues with the example app in #666.

Was this page helpful?
0 / 5 - 0 ratings