I’m building a Shopify app and facing authentication issues. During the OAuth flow, I keep getting this error:
{
"error": "invalid_request",
"error_description": "The redirect_uri and application url must have matching hosts"
}
Both my redirect_uri and Application URL are configured as ‘http://serv.dudeami.com/shopify/public/’. I’m wondering if the subdomain is causing problems. I’ve tried different redirect_uri values but nothing seems to work, even with proper URL encoding.
I also noticed that the OAuth only works when I include both client_id and scope parameters. If I omit the scope or leave it empty, I get an ‘invalid_scope’ error. This is strange because the documentation suggests that basic permissions should work with just the client_id.
While I can work around this by checking for the ‘code’ parameter and handling the installation flow that way, I’d prefer to have proper redirect handling to a dedicated page for verification and token exchange processes. Has anyone encountered similar issues with Shopify OAuth configuration?
Had this exact issue when I deployed my first Shopify app. That “matching hosts” error is misleading - it’s actually an http vs https problem. Even though you’re using http://serv.dudeami.com everywhere, Shopify’s validation enforces https for certain setups. Switch both your Partner Dashboard Application URL and redirect_uri to https. Your server needs SSL support though. The scope parameter requirement is normal - Shopify needs explicit scope declaration even for basic stuff. Their docs are outdated here. I use ‘read_shop_data’ as minimal scope for testing. Also check if your app’s embed settings in Partner Dashboard conflict with your OAuth flow.
check your oauth url’s api version - old versions throw weird redirect errors even when everything else looks fine. also make sure your app isn’t stuck in development mode since that breaks redirect validation. i had the same problem and it was my partner dashboard settings being cached. took about 30 minutes to actually update after i changed them.
Had this exact issue six months ago setting up our Shopify integration. Your subdomain’s fine - that’s not the problem. You’ve got a URL mismatch between your Partner Dashboard config and what your app’s actually sending during OAuth. Check that your Partner Dashboard URL matches exactly, including trailing slashes. Also make sure you’re not mixing protocols - I wasted hours because I had https in the dashboard but my dev environment was sending http requests. The scope parameter thing is normal even though the docs suck at explaining it. Shopify wants explicit scopes even for basic stuff. I always throw in ‘read_products’ or whatever minimum your app needs. Empty scope will definitely give you that invalid_scope error.