Permenant access token have validity?

Excursionist
41 0 6

https://help.shopify.com/en/api/tutorials/build-a-shopify-app-with-node-and-express

According to this tutorial after authentication we get code parameter and it is exchanged with permanent access token, right ?

 

My doubt is do we need to get permanent access token every time user opens the installed app? Is there any validity for permanent access token?

 

According to the tutorial, every time user takes app from shopify dashboard it redirects to /shopify?shop=XXXX then it further redirects to oauth url (https://' + shop + '/admin/oauth/authorize?client_id=' + apiKey + '&scope=' + scopes + '&state=' + state + '&redirect_uri=' + redirectUri) then it further redirects to /shopify/callback in callback it verifies hmac and then code is exchanged with permanent access token. So this means every time user takes app it gets new permanent access token right?

0 Likes
Shopify Staff
Shopify Staff
618 45 84

Hi @captainzero,

 

An offline, permanent access token is just that, permanent. It will be valid until the app is uninstalled or your revoke your permissions. When you are putting the user through the oAuth flow after you've already received an access token, you are doing so to verify the request came from Shopify and is legitimate (through HMAC and state comparisons) more than to receive a new token. In fact, you'll only receive a new token if you update your scopes or it's a fresh install.

 

Let me know if you still have questions about this flow.

 

Cheers,

1 Like
Excursionist
41 0 6

@Busfox Thanks for the reply, So it's not necessary to get a new token on every app launch. What I understood from the code mentioned above is it gets a new token every time app launches from admin apps section.

0 Likes
Excursionist
24 2 0

@captainzero did you manage to prevent getting new one after every new admin session?


0 Likes
Excursionist
41 0 6

Yes, you will have to make a custom auth flow based on that tutorial (not use koa or express packages)

0 Likes
Excursionist
24 2 0

can you explain or give me example code?

0 Likes