diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index eebdc3ee..62839af9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -60,6 +60,9 @@ jobs:
       - name: Install Laravel and Orchestra Testbench
         run: composer require "illuminate/contracts:${{ matrix.laravel }}" --no-interaction --no-update
 
+      - name: Allow composer-normalize plugin
+        run: composer config allow-plugins.ergebnis/composer-normalize true
+
       - name: Get composer cache directory
         id: composer-cache
         run: echo "::set-output name=dir::$(composer config cache-files-dir)"
diff --git a/src/Traits/AuthController.php b/src/Traits/AuthController.php
index 6674ef5b..df537b34 100644
--- a/src/Traits/AuthController.php
+++ b/src/Traits/AuthController.php
@@ -54,8 +54,20 @@ public function authenticate(Request $request, AuthenticateShop $authShop)
                 throw new MissingAuthUrlException('Missing auth url');
             }
 
-            // Just return them straight to the OAUTH flow.
-            return Redirect::to($result['url']);
+            $shopDomain = $shopDomain->toNative();
+            $shopOrigin = $shopDomain ?? $request->user()->name;
+
+            return View::make(
+                'shopify-app::auth.fullpage_redirect',
+                [
+                    'apiKey' => Util::getShopifyConfig('api_key', $shopOrigin),
+                    'appBridgeVersion' => Util::getShopifyConfig('appbridge_version') ? '@'.config('shopify-app.appbridge_version') : '',
+                    'authUrl' => $result['url'],
+                    'host' => $request->host ?? base64_encode($shopOrigin.'/admin'),
+                    'shopDomain' => $shopDomain,
+                    'shopOrigin' => $shopOrigin,
+                ]
+            );
         } else {
             // Go to home route
             return Redirect::route(
diff --git a/src/resources/views/auth/fullpage_redirect.blade.php b/src/resources/views/auth/fullpage_redirect.blade.php
index c6feecff..8d438b4d 100644
--- a/src/resources/views/auth/fullpage_redirect.blade.php
+++ b/src/resources/views/auth/fullpage_redirect.blade.php
@@ -6,6 +6,8 @@
 
         <title>Redirecting...</title>
 
+        <script src="https://unpkg.com/@shopify/app-bridge{!! $appBridgeVersion !!}"></script>
+        <script src="https://unpkg.com/@shopify/app-bridge-utils{!! $appBridgeVersion !!}"></script>
         <script type="text/javascript">
             document.addEventListener('DOMContentLoaded', function () {
                 var redirectUrl = "{!! $authUrl !!}";
@@ -17,11 +19,17 @@
                     normalizedLink = document.createElement('a');
                     normalizedLink.href = redirectUrl;
 
-                    data = JSON.stringify({
-                        message: 'Shopify.API.remoteRedirect',
-                        data: { location: redirectUrl },
+                    var AppBridge = window['app-bridge'];
+                    var createApp = AppBridge.default;
+                    var Redirect = AppBridge.actions.Redirect;
+                    var app = createApp({
+                        apiKey: "{{!! $apiKey !!}}",
+                        shopOrigin: "{{!! $shopOrigin !!}}",
+                        host: "{{!! $host !!}}",
                     });
-                    window.parent.postMessage(data, "https://{{ $shopDomain }}");
+
+                    var redirect = Redirect.create(app);
+                    redirect.dispatch(Redirect.Action.REMOTE, normalizedLink.href);
                 }
             });
         </script>
diff --git a/tests/Traits/AuthControllerTest.php b/tests/Traits/AuthControllerTest.php
index efdb9a5a..bcbc3355 100644
--- a/tests/Traits/AuthControllerTest.php
+++ b/tests/Traits/AuthControllerTest.php
@@ -24,8 +24,11 @@ public function testAuthRedirectsToShopifyWhenNoCode(): void
         $response = $this->call('post', '/authenticate', ['shop' => 'example.myshopify.com']);
 
         // Check the redirect happens and location is set properly in the header.
-        $response->assertStatus(302);
-        $response->assertHeader('location', 'https://example.myshopify.com/admin/oauth/authorize?client_id='.Util::getShopifyConfig('api_key').'&scope=read_products%2Cwrite_products&redirect_uri=https%3A%2F%2Flocalhost%2Fauthenticate');
+        $response->assertViewHas('shopDomain', 'example.myshopify.com');
+        $response->assertViewHas(
+            'authUrl',
+            'https://example.myshopify.com/admin/oauth/authorize?client_id='.Util::getShopifyConfig('api_key').'&scope=read_products%2Cwrite_products&redirect_uri=https%3A%2F%2Flocalhost%2Fauthenticate'
+        );
     }
 
     public function testAuthAcceptsShopWithCode(): void