Remove "token" from the query string of the target URL

src/ShopifyApp/Traits/AuthController.php

@@ -10,8 +10,9 @@
 use Osiset\ShopifyApp\Actions\AuthenticateShop;
 use Osiset\ShopifyApp\Exceptions\MissingAuthUrlException;
 use Osiset\ShopifyApp\Exceptions\SignatureVerificationException;
-use function Osiset\ShopifyApp\getShopifyConfig;
 use Osiset\ShopifyApp\Objects\Values\ShopDomain;
+use function Osiset\ShopifyApp\getShopifyConfig;
+use function Osiset\ShopifyApp\parseQueryString;
 
 /**
  * Responsible for authenticating the shop.
@@ -62,11 +63,25 @@ public function authenticate(Request $request, AuthenticateShop $authShop)
      */
     public function token(Request $request)
     {
+        $target = $request->query('target');
+
+        $query = parse_url($target, PHP_URL_QUERY);
+
+        if ($query) {
+            // remove "token" from the target's query string
+            $params = parseQueryString($query);
+            unset($params['token']);
+
+            $cleanTarget = trim(explode('?', $target)[0] . '?' . http_build_query($params), '?');
+        } else {
+            $cleanTarget = $target;
+        }
+
         return View::make(
             'shopify-app::auth.token',
             [
                 'shopDomain' => ShopDomain::fromNative($request->query('shop'))->toNative(),
-                'target'     => $request->query('target'),
+                'target'     => $cleanTarget,
             ]
         );
     }