Hi everyone, I've been working on this for a few days and haven't been able to make the conversion from cookie-based auth to session-based auth.
I ran bundle update shopify_app to get the latest version (17.1.1).
I've also gone through these tutorials:
But I'm still not able to load my app in incognito mode (to disable cookies). It goes through the endless redirect, even though the shopify_app.rb config file instructs it not to with these lines:
config.shop_session_repository = 'Shop'
config.reauth_on_access_scope_changes = true
config.allow_jwt_authentication = true
config.allow_cookie_authentication = false
Does anyone have a good tutorial on upgrading a Shopify app built with Rails and the shopify_app gem, to convert to session tokens?
Or ideas on what I can do to debug the problem further, or solve this?
I'm in the process of converting all of our apps over, just need to crack the code on the first one but can't find ample documentation to get this working.
Thank you in advance for any help you can provide.
We just kept hacking away at it until we got it working. I couldn't find a good tutorial but those I linked above will help as a starting point. The key point I learned is that you have to have 1 controller / view (like a splash page) that loads before each page load in order to generate the session token in JS (as explained in the tutorials), then you can make your normal controller / view renders from there.
With that system, a single page app might be the way to go, so you only have to do that session token grab on the first load.
The usual gotcha is not paying attention to your controllers and whether they authenticate or not. You should be rendering your App with a controller that is not authenticating. That eliminates all the bongo effects of trying to authenticate back and forth etc. Any calls to resources that are secure and protected are then done with the JWT.
It sounds like you were simply using the old school cookie pattern for your controllers while at the same time trying to use JWT, and the mixing is the issue. It kinda sucks that at this time we are stuck with the gem carrying around crufty old code while trying to shim in slimmer and more modern code. But still, the gem does do an admirable job of 95% of what you need, leaving very little to the imagination, till you get to actual code work with the APIs.
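Added example (not part of this thread and not the shopify_app gem's own code): a stand-alone sketch of the checks a server applies to a session token before serving a protected resource, namely a pinned HS256 signature made with the app secret, the `exp`/`nbf` window, `aud` equal to the app's API key, and `iss`/`dest` naming the same shop. The API key, secret, shop domain and helper names are constructed for the example.

```ruby
require 'openssl'
require 'json'
require 'uri'

# Constructed placeholder credentials, not real app keys.
API_KEY    = 'example-api-key'
API_SECRET = 'example-api-secret'

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * ((4 - str.length % 4) % 4)).unpack1('m0') # strict: raises on junk
end

# Builds a signed token from constructed claims (sample data for this example only).
def build_token(claims, secret: API_SECRET, alg: 'HS256')
  signing_input = [{ 'alg' => alg, 'typ' => 'JWT' }, claims]
                  .map { |part| b64url_encode(JSON.generate(part)) }.join('.')
  "#{signing_input}.#{b64url_encode(OpenSSL::HMAC.digest('SHA256', secret, signing_input))}"
end

# Returns the shop host when the token is valid, otherwise nil.
def verify_session_token(token, now: Time.now.to_i, leeway: 5)
  parts = token.to_s.split('.', -1)
  return nil unless parts.length == 3
  header, claims = parts.first(2).map { |part| JSON.parse(b64url_decode(part)) }
  return nil unless header.is_a?(Hash) && claims.is_a?(Hash)
  return nil unless header['alg'] == 'HS256' # pin the algorithm; never trust "none"
  expected = OpenSSL::HMAC.digest('SHA256', API_SECRET, parts.first(2).join('.'))
  return nil unless OpenSSL.secure_compare(expected, b64url_decode(parts[2]))
  return nil unless claims['exp'].is_a?(Integer) && claims['exp'] > now - leeway
  return nil unless claims['nbf'].is_a?(Integer) && claims['nbf'] <= now + leeway
  return nil unless claims['aud'] == API_KEY # token was minted for this app
  iss_host, dest_host = claims.values_at('iss', 'dest').map { |u| URI.parse(u.to_s).host }
  return nil unless dest_host && iss_host == dest_host # both name the same shop
  dest_host
rescue ArgumentError, JSON::ParserError, URI::InvalidURIError
  nil
end

# Constructed sample claims in the shape of a session token payload.
sample = { 'iss' => 'https://example-shop.myshopify.com/admin', 'dest' => 'https://example-shop.myshopify.com',
           'aud' => API_KEY, 'exp' => Time.now.to_i + 60, 'nbf' => Time.now.to_i }
puts verify_session_token(build_token(sample)).inspect
puts verify_session_token(build_token(sample, secret: 'wrong')).inspect
```

Because the token expires quickly, the front end has to fetch a fresh one before each protected request rather than caching it the way a cookie session would be.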