Skip to content

Shopify Omniauth not getting the Request parameters #467

Description

@resistorsoftware

Using the Shopify App 8.1.0 gem to fire up a Rails 5.1.3 App and when trying to authenticate, it gets refused on a cryptic looking problem with an Invalid Site error. Anyone ever see this? What is usually the cause of that? Looking through OmniAuth Shopify strategy shows the request being processed is pretty much NIL... not sure why. No GET params and of course there is no valid site.

Seems to be connected to commit: b3dc3d9

Started GET "/login?shop=swift-braun3430.myshopify.com" for 127.0.0.1 at 2017-09-06 08:38:48 -0400
Processing by ShopifyApp::SessionsController#new as HTML
Parameters: {"shop"=>"swift-braun3430.myshopify.com"}
Rendering inline template
Rendered inline template (0.3ms)
Completed 200 OK in 2ms (Views: 0.7ms | Models: 0.0ms)

Started GET "/auth/shopify" for 127.0.0.1 at 2017-09-06 08:38:48 -0400
I, [2017-09-06T08:53:19.504631 #78285]  INFO -- omniauth: (shopify) Set up endpoint detected, running now.
I, [2017-09-06T08:53:19.504727 #78285]  INFO -- omniauth: (shopify) Request phase initiated.
E, [2017-09-06T08:53:19.505025 #78285] ERROR -- omniauth: (shopify) Authentication failure! invalid_site encountered.
OmniAuth::Error (invalid_site):

omniauth (1.6.1) lib/omniauth/failure_endpoint.rb:25:in `raise_out!'
omniauth (1.6.1) lib/omniauth/failure_endpoint.rb:20:in `call'
omniauth (1.6.1) lib/omniauth/failure_endpoint.rb:12:in `call'
omniauth (1.6.1) lib/omniauth/strategy.rb:478:in `fail!'
omniauth-shopify-oauth2 (1.2.0) lib/omniauth/strategies/shopify.rb:105:in `request_phase'

A session dump shows:

locale: "en"
omniauth.origin: "https://sport-haley.dev/login?shop=swift-braun3430.myshopify.com"
omniauth.params: {}
return_to: "/"
session_id: "d9f7120cfa71f26b374162ee24798427"
shopify.omniauth_params: {"shop"=>"swift-braun3430.myshopify.com"}

So I hacked the Shopify App gem in the Sessions Controller, and under the authenticate method, I hacked on the shop parameter... so this is super cheesy and should not be happening right?

def authenticate
  if sanitized_shop_name.present?
    session['shopify.omniauth_params'] = { shop: sanitized_shop_name }

Here be dragons... the redirect does not contain the shop name unless I tack it on? PorKayWha?

    fullpage_redirect_to "#{main_app.root_path}auth/shopify?shop=#{sanitized_shop_name}"
  else
    redirect_to return_address
  end
end

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions