Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

getting "Invalid Request! Request or redirect did not come from Shopify" error on install #43

Open
nidhiorangemantra opened this issue Dec 18, 2017 · 4 comments
Open

getting "Invalid Request! Request or redirect did not come from Shopify" error on install #43

nidhiorangemantra opened this issue Dec 18, 2017 · 4 comments

Comments

@nidhiorangemantra
Copy link

appissue
Hello,

I am creating my custom shopify app but when i clicking on "Install App" button then i am gettiing "Invalid Request! Request or redirect did not come from Shopify" issue. So please help me how to install app ?

This is install Url : http://femmeluxefinery.myshopify.com/admin/api/auth?api_key=0191a4622a3af05d09f52226ac11ea40

Store Url : femmeluxefinery.myshopify.com
appsettings
@myjanky
Copy link

myjanky commented Dec 26, 2017

cant really use localhost anymore without some hoops to jump through.

you need to host on a server with ssl (https://)

@ahmu83
Copy link

ahmu83 commented Mar 13, 2019

I am getting this error when I try to install the shopify app Notice: Undefined index: signature in /vendor/phpish/shopify/shopify.php on line 21
Invalid Request! Request or redirect did not come from Shopify

I noticed that the url https://ID.ngrok.io/oauth.php?hmac=&shop=MY-TEST-STORE.myshopify.com&timestamp=1552491745 did not have the signature query string instead of the hmac query string. And I tried to update that instead in line 21 but it only removed the notice but the error (Invalid Request! Request or redirect did not come from Shopify) was still there

@X4nd0R
Copy link

X4nd0R commented Aug 8, 2020

I was able to solve this issue by editing the phpish file: /vendor/phpish/shopify/shopify.php. The is_valid_request() function should look like this:

function is_valid_request($query_params, $shared_secret)
{
	if (!isset($query_params['timestamp'])) return false;

	$seconds_in_a_day = 24 * 60 * 60;

	$older_than_a_day = $query_params['timestamp'] < (time() - $seconds_in_a_day);
	if ($older_than_a_day) return false;

	$signature = $query_params['hmac'];
	unset($query_params['hmac']);

	$message = http_build_query($query_params);

	return (hash_hmac('sha256', $message, $shared_secret) === $signature);
}

I believe the Shopify API/Oauth system has changed and phpish's code is out of date.

@X4nd0R
Copy link

X4nd0R commented Aug 13, 2020

I still continued to have further issues after rewriting the above function. So I wrote a fresh bare-bones Shopify app in PHP that is more inline with Shopify's current protocols/standards. Check it out here: https://github.com/XenithTech/php-shopify-app-skeleton If you have any issue please open a ticket and I will work on a solution as quickly as possible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@X4nd0R @ahmu83 @myjanky @nidhiorangemantra