Is it possible throughout the app installation process to request both online and offline session tokens?
I will need an offline token to perform API requests in background tasks and an online token for the logged in user, to perform requests from the front end.
Also, are online tokens restricted to Shopify Plus or can they be requested in by any app regardless of the Shop account type?
Solved! Go to the solution
This is an accepted solution.
Yes - Offline and Online Tokens can be used simultaneously by using different access tokens. They are requested during the OAuth process.
There's no restrictions of online access tokens to Plus Stores. Please let me know if you have any further questions - thanks!
Thanks for getting back to me.
What is the flow for creating both token types? Should I request an offline token when the app is installed, and then pass the user through oauth a second time to get the online token? As the online token has a limited lifespan, the user will then need to pass though oauth intermittently to refresh the token. Is this correct or is there a best practice for handling this?
The recommended flow is to request a (permanent) offline token when the app is installed and store that in your app's backend. Then after installation, pass the user through oauth again to request an online (session) token. There shouldn't be any need for any interaction from the user for the second pass as long as you keep the scopes the same.