Shopify Issue - Random Rare Failures of Online Auth With HTML Response

StrangeWill

OK, this is a funny one: we added Online auth (after Offline auth) so we could tell which user is logging into our app (auditing, permissions, etc.). Cool.

However, randomly and very rarely, for specific user accounts, instead of getting a JSON response we get an HTML response. When you dump the page you get the error:

Oauth error invalid_request: The authorization code was not found or was already used

Our application takes the code that is returned to us, and immediately uses it to call admin/oauth/access_token via ShopifySharp (we use their tooling to manage the request, so headers are properly set and whatnot).

Example code:

C#:
protected async Task<AuthorizationResult> AuthorizePerUserAsync(
    string code,
    string shopDomain,
    string clientId,
    string clientSecret
)
{
    var shopifyDomainUri = new UriBuilder(ShopifyDomainUtility.BuildShopDomainUri(shopDomain))
    {
        Path = "admin/oauth/access_token"
    };

    // JsonContent in ShopifySharp sets the accept type on the header, so it knows we want JSON
    var content = new JsonContent(new
    {
        client_id = clientId,
        client_secret = clientSecret,
        code,
    });

    using var client = HttpClientFactory.CreateClient();
    using var request = new CloneableRequestMessage(shopifyDomainUri.Uri, HttpMethod.Post, content);
    using var response = await client.SendAsync(request);
    var rawDataString = await response.Content.ReadAsStringAsync();

    try
    {
        ShopifySharp.ShopifyService.CheckResponseExceptions(await request.GetRequestInfo(), response, rawDataString);
    }
    catch (ShopifySharp.ShopifyHttpException exception) when (exception.Message.Contains("but there was no JSON to parse into an error message.") && !string.IsNullOrEmpty(rawDataString))
    {
        throw new ShopifySharp.ShopifyException(exception.Message + $" Raw Payload for shop '{shopDomain}': '{rawDataString}'", exception);
    }

    var json = JToken.Parse(rawDataString);
    var associatedUser = (json.SelectToken("associated_user") ?? JValue.CreateNull()).ToObject<AssociatedUserResult>();
    return new AuthorizationResult(
        json.Value<string>("access_token"),
        json.Value<string>("scope")?.Split(','),
        json.Value<string>("expires_in"),
        json.Value<string>("associated_user_scope")?.Split(','),
        associatedUser
    );
}


As you see there, we capture the fact that ShopifySharp fails to parse the message and dump the raw payload -- we get HTML. This obviously isn't the norm, or we'd fail to parse the access token, the user details, etc. This works for thousands of users but fails for <15 of them. Nothing we do fixes the users experiencing the issue (it seems to be specific user and store combinations, e.g. an agency can log into other stores fine -- but Shopify seems to treat user accounts as local to the store with little to no global tracking [IDs aren't global]).

Anyone experience this? Any ideas?
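
The post does not establish a cause. As an added example (not from the original post and not part of ShopifySharp), the sketch below shows one way to rule out the application itself redeeming the same authorization code twice, and to pull the OAuth error out of an HTML body for logging. `CodeExchangeGuard`, `ExchangeOnceAsync`, `DescribeNonJson`, the fake exchange and the sample HTML are all hypothetical or constructed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Text.RegularExpressions;
using System.Threading.Tasks;

// Hypothetical helper, not part of ShopifySharp.
public sealed class CodeExchangeGuard
{
    // Key: shop + code. Entries are never evicted here; a real service would expire
    // them and use a shared store when several instances handle callbacks.
    private readonly ConcurrentDictionary<string, Lazy<Task<string>>> _exchanges = new();

    // Repeated or concurrent callbacks with the same code share a single token request.
    public Task<string> ExchangeOnceAsync(string shop, string code, Func<Task<string>> exchange) =>
        _exchanges.GetOrAdd(shop + "|" + code, _ => new Lazy<Task<string>>(exchange)).Value;

    // Returns null for a JSON reply, otherwise the OAuth error found in the body
    // (or a generic marker), so logs carry the error rather than a page of HTML.
    public static string? DescribeNonJson(string? mediaType, string body)
    {
        if (mediaType != null && mediaType.Contains("json", StringComparison.OrdinalIgnoreCase))
            return null;
        var m = Regex.Match(body, @"Oauth error (\w+): ([^<\r\n]+)", RegexOptions.IgnoreCase);
        return m.Success ? $"{m.Groups[1].Value}: {m.Groups[2].Value.Trim()}" : "non-JSON response";
    }
}

public static class Demo
{
    public static async Task Main()
    {
        var guard = new CodeExchangeGuard();
        var calls = 0;
        // Constructed stand-in for the POST to admin/oauth/access_token.
        Func<Task<string>> fakeExchange = async () =>
        {
            calls++;
            await Task.Delay(50);
            return "{\"access_token\":\"constructed-token\"}";
        };
        // Two callbacks arrive with the same code (e.g. a reload of the redirect URL).
        var first = guard.ExchangeOnceAsync("example.myshopify.com", "constructed-code", fakeExchange);
        var second = guard.ExchangeOnceAsync("example.myshopify.com", "constructed-code", fakeExchange);
        await Task.WhenAll(first, second);
        Console.WriteLine($"token requests sent: {calls}");
        // Constructed HTML body wrapping the error text quoted in the post.
        var html = "<html><body><p>Oauth error invalid_request: The authorization code was not found or was already used</p></body></html>";
        Console.WriteLine(CodeExchangeGuard.DescribeNonJson("text/html", html));
    }
}
```

Logging the shop, a hash of the code and a timestamp at the callback entry point alongside this guard shows whether a failing user's code reached the application more than once.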
 