Problem with auth using the session token

Yurii_Rybak
New Member

Hi there. We use Node.js (Express.js), EJS templating and Turbolinks to create our app. We implemented session token-based authorization based on an algorithm that Shopify recommends: https://shopify.dev/tutorials/authenticate-your-app-using-session-tokens (section "Use session tokens with Turbolinks"). Step 3 describes that we need to get a session token every 50 seconds (This ensures that your session tokens are always valid), but when we get a token after 50 seconds using the getSessionToken method (https://www.npmjs.com/package/@shopify/app-bridge-utils), we don't get a new token but the previous one, and the token's lifetime expires in a couple of seconds. After the next 50 seconds, we get a new token, but this token's lifetime also expires in a couple of seconds.
We created code to retrieve a session token based on this tutorial, https://github.com/Shopify/turbolinks-jwt-sample-app#fetching-and-storing-session-tokens:

// Fetch a session token from App Bridge and store it for later requests.
async function retrieveToken(app) {
  const AppBridgeUtils = window['app-bridge-utils'];
  const token = await AppBridgeUtils.getSessionToken(app);
  window.sessionToken = token;
}

// Refresh the stored session token every 50 seconds.
function keepRetrievingToken(app) {
  setInterval(() => {
    retrieveToken(app);
  }, 50000);
}

Can anyone help me with how to get a new session token every 50 seconds? Open to discussions and can provide more details. I will be glad for any help, thanks.

0 Likes
Greg_Kujawa
Shopify Partner

While I'm familiar with this particular package, I've had other API scenarios where token-based access can be quirky. What I found to be a workaround involved requesting a token just prior to any API request I'm issuing. Even if I get the same token returned I know it should work being pushed into the immediately subsequent API request I'm making. Maybe it generates unnecessary requests and associated chatter, but it was a practical workaround.

0 Likes
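
The workaround described in the reply above, combined with a check of the token's remaining lifetime, as an added example that is not part of either post or of Shopify's sample code. It assumes the session token is a JWT with an `exp` claim in seconds; all function names are hypothetical.

```javascript
// Added example. decodePayload, secondsLeft, makeTokenProvider and
// makeSampleToken are hypothetical names, not App Bridge APIs.

// Read the JWT payload. No signature check here: the server must verify it.
function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4)));
}

// Seconds until the `exp` claim (assumed to be in seconds since the epoch).
function secondsLeft(token, nowMs = Date.now()) {
  const { exp } = decodePayload(token);
  if (typeof exp !== 'number') throw new Error('token has no exp claim');
  return exp - Math.floor(nowMs / 1000);
}

// Wrap a token source so callers get a token checked just before each request.
function makeTokenProvider(fetchToken, minSeconds = 10, now = Date.now) {
  let cached = null;
  return async function getValidToken() {
    // Reuse the cached token only while it has comfortable lifetime left.
    if (cached && secondsLeft(cached, now()) >= minSeconds) return cached;
    cached = await fetchToken();
    // A token that is already expired must never be sent.
    if (secondsLeft(cached, now()) <= 0) {
      cached = null;
      throw new Error('token source returned an expired token');
    }
    return cached;
  };
}

// Constructed sample token (unsigned, for the demo only).
function makeSampleToken(exp) {
  const body = btoa(JSON.stringify({ exp })).replace(/=+$/, '')
    .replace(/\+/g, '-').replace(/\//g, '_');
  return `e30.${body}.constructed-signature`;
}

// Browser wiring (assumes the page's `app` and window['app-bridge-utils']):
//   const getValidToken = makeTokenProvider(
//     () => window['app-bridge-utils'].getSessionToken(app));
//   const token = await getValidToken();  // then: Authorization: Bearer <token>
```

Logging `secondsLeft(token)` each time a token is retrieved also shows whether the source is handing back the previous token or a newly issued one.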