I already made a post here https://community.shopify.com/c/Shopify-Discussion/Embedded-App-how-to-decode-and-use-the-session-to....
Because I didn't get an answer yet, I also want to mention my post here, because I see more activity here.
How can I verify the request coming from Shopify Admin to my App after the installation of the public app is done?
Thank you a lot for reading.
Thank you a lot for your answer. I read it but I don't know what to do exactly. Do I have to compare the session token from the app bridge and the token from the request?
If not, why does Shopify Admin Panel deliver that parameter ("session") in the first place? Is it for the app bridge itself to receive an actual JWT token?
I don't know what session is in the Shopify Admin Panel. What I do is I get the session token using AppBridgeUtils (per the link I sent to you). Then I send the session token over to my Node.js server and then authenticate it using this npm library: https://www.npmjs.com/package/shopify-jwt-auth-verify. If it passes, then I let them into my app.
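The server-side check described in the last reply, written with Node's built-in `crypto` as an added example; it is not part of the thread and not the code of the `shopify-jwt-auth-verify` package. It assumes Shopify's documented session token format (an HS256 JWT signed with the app's API secret, with `aud` set to the API key); the key, secret, shop domain and helper names are constructed for the demo.

```javascript
const crypto = require('node:crypto');

// Verify an App Bridge session token; returns its claims or throws the reason.
// Assumed format: HS256 JWT signed with the app's API secret, aud = API key.
function verifySessionToken(token, apiKey, apiSecret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

  // Pin the algorithm; never let the token choose it (e.g. "none").
  if (decode(h).alg !== 'HS256') throw new Error('unexpected alg');

  // Recompute the HMAC over "header.payload" and compare in constant time.
  const expected = crypto.createHmac('sha256', apiSecret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }

  // Only after the signature holds are the claims worth reading.
  const c = decode(p);
  if (typeof c.exp !== 'number' || c.exp <= now) throw new Error('expired');
  if (typeof c.nbf !== 'number' || c.nbf > now) throw new Error('not yet valid');
  if (c.aud !== apiKey) throw new Error('wrong audience');
  // iss is https://{shop}/admin and dest is https://{shop}; the hosts must agree.
  if (new URL(c.iss).hostname !== new URL(c.dest).hostname) throw new Error('iss/dest mismatch');
  return c;
}

// --- Constructed sample data so the example runs offline ---
const SAMPLE_KEY = 'example-api-key';
const SAMPLE_SECRET = 'example-api-secret';
const sampleClaims = (now) => ({
  iss: 'https://example-shop.myshopify.com/admin',
  dest: 'https://example-shop.myshopify.com',
  aud: SAMPLE_KEY, sub: '42', exp: now + 60, nbf: now - 5, iat: now - 5,
});

// Hypothetical helper: signs a token the way the assumed format describes.
function makeSampleToken(claims, secret, alg = 'HS256') {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const body = `${enc({ alg, typ: 'JWT' })}.${enc(claims)}`;
  return `${body}.${crypto.createHmac('sha256', secret).update(body).digest('base64url')}`;
}

// Returns 'ok' or the rejection reason for a token checked against the sample app.
function check(token, now) {
  try { verifySessionToken(token, SAMPLE_KEY, SAMPLE_SECRET, now); return 'ok'; }
  catch (e) { return e.message; }
}
```

Session tokens are short-lived, so the front end should request a fresh one from App Bridge for each call instead of caching it.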