Oauth session error - Invalid shop argument

[sireaev]

Hi there,

"@shopify/app": "3.16.3",
"@shopify/cli": "3.16.3",
"@shopify/shopify-api": "^5.0.0"

The app is using SQLiteSessionStorage and offline tokens:

const USE_ONLINE_TOKENS = false;
const DB_PATH = `${process.cwd()}/XXXXXXXXX.sqlite`;
sessionDb = new Shopify.Session.SQLiteSessionStorage(DB_PATH);

Shopify.Context.initialize({
  API_KEY: process.env.SHOPIFY_API_KEY,
  API_SECRET_KEY: process.env.SHOPIFY_API_SECRET,
  SCOPES: process.env.SCOPES.split(","),
  HOST_NAME: process.env.HOST.replace(/https?:\/\//, ""),
  HOST_SCHEME: process.env.HOST.split("://")[0],
  API_VERSION: LATEST_API_VERSION,
  IS_EMBEDDED_APP: true,
  SESSION_STORAGE: sessionDb,
});

I'm developing a shopify node app, have used shopify cli to generate node template, for development I've used ngrok and didn't stay much time online testing sessions, but as soon as I got to production server (hosted) it gives the following error: Received invalid shop argument and the node process exits with status code 1.

I'm starting the node on prod with the command: npx cross-env IP=XXX.XXX.XXX.XXX HOST=https://XXXXXXX SCOPES=XXXX NODE_ENV=production SHOPIFY_API_SECRET=XXX SHOPIFY_API_KEY=XXXX node index.js

The server starts to work properly, but after a couple of days it gives out the error Received invalid shop argument.

Additional information:

one of the shopify page from the app is using the current session information to show the email on the page, and it's extracted like this:

const session = await Shopify.Utils.loadCurrentSession(req, res, app.get("use-online-tokens"));
            const { Shop } = await import(
                `@shopify/shopify-api/dist/rest-resources/${Shopify.Context.API_VERSION}/index.js`
            );

            const data = await Shop.all({
                session,
                fields: "email,customer_email",
            })
            
            res.status(200).send(data[0])

the error is saying that the problem issued from redirect-to-auth.js on server side redirect

async function serverSideRedirect(req, res, app) {
  const redirectUrl = await Shopify.Auth.beginAuth(
    req,
    res,
    req.query.shop,
    "/api/auth/callback",
    app.get("use-online-tokens")
  );

  return res.redirect(redirectUrl);
}

What could go wrong?
What could I do to solve the problem?

ps. I've checked the shopify forum and the session instructions: https://github.com/Shopify/shopify-api-node/blob/HEAD/docs/issues.md#notes-on-session-handling

Thanks,

[cquemin]

@sireaev Thanks for raising this. I was wondering if it would be possible for you migrate to v6 and see if the error is still reproducible? You can find a migration guide here.

[sireaev]

@cquemin This problem has been solved, it should be handled in all of auth.js and verify-request (try catching) the wrong requests, although verifying hmac, there're other issues on v6 and a new shopify object, but I've already created other threads for it. So this issue is no more a concern.

Thanks, can be closed.

[dani-sanomads]

Can you guys mention the issues with v6 or is it working fine ? Because we need to submit the app to shopify store and I'm getting 503 for webhook calls instead of 401.
@sireaev @cquemin

[cquemin]

Thanks for reaching out @dani-sanomads, this sounds like a different issue altogether. If you have not migrated to v6 yet, would you be able to migrate first? Then, if you are still experiencing your problem, you can create another issue, following the template as closely as possible so that we can figure out in detail what is the problem. I hope this makes sense.

[dani-sanomads]

Not yet but I'm developing another app in v6 and i'm not receiving gdpr webhook calls for CUSTOMERS_DATA_REQUEST from admin dashboard although i tested it through postman and it worked fine. And for the 503 error in v5 I have seen that during the webhook call the error handling is not managed properly.

[Harshpanday]

Hey @cquemin ,
I am new to the shopify admin api, I am also trying to access my shopify store using the API. But I am getting similar error while doing OAuth

const { shopifyApi,ApiVersion } = require('@shopify/shopify-api');
require('@shopify/shopify-api/adapters/node');

const shopify = shopifyApi({
    apiKey: 'XXXX',
    apiSecretKey:'XXXX',
    scopes: ['read_products'],
    hostName: 'localhost:3000',
    shop:'XXX.myshopify.com',
    apiVersion: ApiVersion.July22,
  });

app.get('/auth', async (req, res) => {
    try{
    await shopify.auth.begin({
        shop: shopify.utils.sanitizeShop(req.query.shop, true),
        callbackPath: '/auth/callback',
        isOnline: false,
        rawRequest: req,
        rawResponse: res,
    });}
    catch(e){
        console.log(e)
    }
});

Error

InvalidShopError: Received invalid shop argument at Object.sanitizeShop (XXXX\node_modules\@shopify\shopify-api\lib\utils\shop-validator.js:15:19)
at XXXX\index.js:37:29
at Layer.handle [as handle_request] (XXXX\node_modules\express\lib\router\layer.js:95:5)
at next (XXXX\node_modules\express\lib\router\route.js:144:13)
\index.js:346:12)
at next (XXXX\node_modules\express\lib\router\index.js:280:10)
at expressInit (XXXX\node_modules\express\lib\middleware\init.js:40:5)

I would be grateful if someone could tell me What I am doing wrong?

[marcelo1811]

@Harshpanday make sure that you are adding the domain to the shop:

Example:
shop = some-store -> wrong
shop = some-store.myshopify.com -> right