How to upgrade to session tokens with Rails shopify_app gem?

JoesIdeas
Shopify Expert

Hi everyone, I've been working on this for a few days and haven't been able to make the conversion from cookie-based auth to session-based auth.

I ran bundle update shopify_app to get the latest version (17.1.1).

I also ran yarn upgrade @Shopify/polaris, which updated @Shopify/app-bridge to version 1.29.0.

I've also gone through these tutorials:
- https://shopify.dev/tutorials/authenticate-your-app-using-session-tokens
- https://shopify.dev/tutorials/authenticate-server-side-rendered-embedded-apps-using-rails-and-turbol...
- https://shopify.dev/tutorials/build-rails-react-app-that-uses-app-bridge-authentication

But I'm still not able to load my app in incognito mode (to disable cookies). It goes through the endless redirect, even though the shopify_app.rb config file instructs it not to with these lines:

config.shop_session_repository = 'Shop'
config.reauth_on_access_scope_changes = true
config.allow_jwt_authentication = true
config.allow_cookie_authentication = false

Does anyone have a good tutorial on upgrading a Shopify app built with Rails and the shopify_app gem, to convert to session tokens?

Or ideas on what I can do to debug the problem further, or solve this?

I'm in the process of converting all of our apps over, just need to crack the code on the first one but can't find ample documentation to get this working.

Thank you in advance for any help you can provide.

Founder of Speed Boostr (Shopify optimization experts, theme customization, custom app development).
Creator of Shopify Analyzer (first performance analysis tool for Shopify sites, free for the Shopify community).
Creator of Order Automator (auto tag orders and customers + auto fulfillment + more automations).
More apps: Theme Scientist (A/B testing), Tip Jar (add a tip button), File Optimizer (optimize CSS, JS, Liquid).
Georgekpc
Shopify Partner

Hi there,

Did you find any solution? I am having the same problem and have been struggling over the last few days.

Thanks

JoesIdeas
Shopify Expert

We just kept hacking away at it until we got it working. I couldn't find a good tutorial but those I linked above will help as a starting point. The key point I learned is that you have to have 1 controller / view (like a splash page) that loads before each page load in order to generate the session token in JS (as explained in the tutorials), then you can make your normal controller / view renders from there.

With that system, a single page app might be the way to go, so you only have to do that session token grab on the first load.

HunkyBill
Shopify Expert

The usual gotcha is not paying attention to your controllers and whether they authenticate or not. You should be rendering your App with a controller that is not authenticating. That eliminates all the bongo effects of trying to authenticate back and forth etc. Any calls to resources that are secure and protected are then done with the JWT.

It sounds like you were simply using the old school cookie pattern for your controllers while at the same time trying to use JWT, and the mixing is the issue. It kinda sucks that at this time we are stuck with the gem carrying around crufty old code while trying to shim in slimmer and more modern code. But still, the gem does do an admirable job of 95% of what you need, leaving very little to the imagination, till you get to actual code work with the APIs.

Custom Shopify Apps built just for you! hunkybill@gmail.com http://www.resistorsoftware.com
Georgekpc
Shopify Partner

I have finally managed to get this working!

Rendering my App with an unauthenticated controller did the trick!

Thanks a lot guys!!!
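
The thread's resolution is to render the app from an unauthenticated controller and authenticate protected requests with the session token (JWT). As an added example, not part of any post above and not the shopify_app gem's own code, this Ruby shows the checks a server applies to that token before trusting it. The helper names, the `api_key`/`api_secret` parameters and the sample token builder are assumptions made for illustration.

```ruby
require "openssl"
require "json"
require "uri"

# Added example (not shopify_app's code): stdlib-only check of a Shopify
# session token, the HS256 JWT App Bridge sends as "Authorization: Bearer ...".
class SessionTokenError < StandardError; end

def b64url_encode(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  (str.tr("-_", "+/") + "=" * ((4 - str.length % 4) % 4)).unpack1("m0")
end

def decode_segment(segment)
  obj = JSON.parse(b64url_decode(segment))
  raise SessionTokenError, "malformed token" unless obj.is_a?(Hash)
  obj
end

# Constant-time comparison so the signature check does not leak timing.
def secure_compare(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def verify_session_token(token, api_key:, api_secret:, now: Time.now.to_i, leeway: 5)
  header_b64, payload_b64, sig_b64, extra = token.to_s.split(".", -1)
  raise SessionTokenError, "malformed token" if sig_b64.nil? || extra
  # Pin the algorithm; never accept "none" or whatever the token asks for.
  raise SessionTokenError, "unexpected alg" unless decode_segment(header_b64)["alg"] == "HS256"
  expected = OpenSSL::HMAC.digest("SHA256", api_secret, "#{header_b64}.#{payload_b64}")
  raise SessionTokenError, "bad signature" unless secure_compare(expected, b64url_decode(sig_b64))

  claims = decode_segment(payload_b64)
  raise SessionTokenError, "expired" if now > claims["exp"].to_i + leeway
  raise SessionTokenError, "not yet valid" if now < claims["nbf"].to_i - leeway
  raise SessionTokenError, "wrong audience" unless claims["aud"] == api_key
  iss_host = URI(claims["iss"].to_s).host # iss is the shop's /admin URL, dest the shop URL
  raise SessionTokenError, "iss/dest mismatch" unless iss_host && iss_host == URI(claims["dest"].to_s).host
  claims
rescue JSON::ParserError, ArgumentError, URI::InvalidURIError
  raise SessionTokenError, "malformed token"
end

# Constructed sample token for trying the verifier; real ones come from App Bridge.
def sample_token(claims, secret, alg: "HS256")
  signing_input = [{ alg: alg, typ: "JWT" }, claims].map { |h| b64url_encode(JSON.generate(h)) }.join(".")
  "#{signing_input}.#{b64url_encode(OpenSSL::HMAC.digest("SHA256", secret, signing_input))}"
end
```

Only the endpoints that return shop data need this check; the controller that renders the embedded page stays unauthenticated so App Bridge can load and fetch the token.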