Removing JWT token from local storage once Shopify public app is uninstalled

omkarlanghe
New Member

I am new to the Shopify platform and have a doubt which I want to clarify.

We are developing a public app on Shopify. Currently we are facing an issue after app uninstall.

Our app contains a login page and we are using JWT-based authentication. We are storing the JWT token in local storage.

Now the issue is:

  • Whenever our app is uninstalled, we get an uninstall webhook, based on which we perform a few database operations.
  • Now once the app is uninstalled, we want to remove the JWT token from local storage because, after uninstallation of the app, if we try to access our public app specific APIs, they are accessed because the JWT token in my local storage exists.

I somehow want to restrict all kinds of these unethical activities and want to overcome all security flaws. Currently I am thinking of clearing the token from local storage.

As I am new to Shopify, can anyone tell me what a better solution for this problem could be? Is my current approach of saving the JWT token in local storage correct?

0 Likes
Greg_Kujawa
Shopify Partner

If you deployed your public app via an app proxy (https://shopify.dev/tutorials/display-data-on-an-online-store-with-an-application-proxy-app-extensio...) then you could validate the inbound requests with HMAC signature validation. Any requests that pass validation would be allowed by your own provided solution. So the need for locally storing any JWT cookies wouldn't be necessary, I don't believe.

Am I oversimplifying things? 

0 Likes
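The HMAC check suggested in the reply above, combined with a server-side install check driven by the uninstall webhook, as an added example that is not part of the original thread. It follows the scheme Shopify documents for app proxy requests (hex HMAC-SHA256 over the sorted `key=value` pairs, keyed with the app's shared secret); the secret, the shop name, `installed_shops` and the helper names are constructed or hypothetical.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

# Constructed sample secret; a real app uses its own API secret key.
SHARED_SECRET = "constructed-example-secret"

# Hypothetical stand-in for the app's database of installed shops.
installed_shops = {"example-shop.myshopify.com"}


def handle_uninstall(shop):
    """What the uninstall webhook handler would do: revoke the shop server-side."""
    installed_shops.discard(shop)


def expected_signature(params, secret):
    """Hex HMAC-SHA256 over the sorted 'key=value' pairs, joined with no separator.
    Repeated parameters have their values joined with commas."""
    message = "".join(sorted(f"{k}={','.join(v)}" for k, v in params.items()))
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()


def is_valid_proxy_request(query_string, secret=SHARED_SECRET):
    """Accept a proxied request only if its signature verifies AND the shop
    is still installed. Nothing stored in the browser is trusted."""
    params = parse_qs(query_string, keep_blank_values=True)
    supplied = params.pop("signature", [""])[0]
    calculated = expected_signature(params, secret)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(supplied.encode(), calculated.encode()):
        return False
    shop = params.get("shop", [""])[0]
    return shop in installed_shops


def sign_for_demo(query_string, secret=SHARED_SECRET):
    """Builds a signed query string the way the proxy would (demo input only)."""
    params = parse_qs(query_string, keep_blank_values=True)
    return f"{query_string}&signature={expected_signature(params, secret)}"


if __name__ == "__main__":
    q = sign_for_demo("shop=example-shop.myshopify.com&timestamp=1700000000")
    print(is_valid_proxy_request(q))   # accepted while the shop is installed
    handle_uninstall("example-shop.myshopify.com")
    print(is_valid_proxy_request(q))   # rejected after the uninstall webhook
```

Because the install state is checked on the server for every request, a token or signed URL left behind in a browser stops working as soon as the uninstall webhook has been processed.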