From 36399aafccccf450eb3285ed8ed6ea07c617b446 Mon Sep 17 00:00:00 2001
From: Paritosh yadav <y.paritosh@gmail.com>
Date: Tue, 25 Oct 2022 11:40:26 +0530
Subject: [PATCH] Fix shopify hmac validation by inculding host params

---
 providers/shopify/session.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/providers/shopify/session.go b/providers/shopify/session.go
index 8a4b0c6ee..ba9e7e95a 100755
--- a/providers/shopify/session.go
+++ b/providers/shopify/session.go
@@ -43,8 +43,9 @@ func (s *Session) Authorize(provider goth.Provider, params goth.Params) (string,
 	// Validate the incoming HMAC is valid.
 	// See: https://help.shopify.com/en/api/getting-started/authentication/oauth#verification
 	digest := fmt.Sprintf(
-		"code=%s&shop=%s&state=%s&timestamp=%s",
+		"code=%s&host=%s&shop=%s&state=%s&timestamp=%s",
 		params.Get("code"),
+		params.Get("host"),
 		params.Get("shop"),
 		params.Get("state"),
 		params.Get("timestamp"),