I am currently developing an App that calls a Node sever that retrieves data from a hosted MongoDB database. I am primarily a frontend dev, so all this backend processes are a little over my head (so bare with me).
Following the Node auth tutorial, I can install the app in a dev store and receive an access token. I am just a little confused about the user flow. Once a request comes through from a user, do I re-authenticate each request to ensure the shop has purchased the app? My concern that this that is approach would greatly slow down the system and be overkill, as each shop needs to be authenticated rather than each request.
I can store an auth_date that is compared to now(), but this would still require an eventual re-oauth. How do you handle redirects for a simple user request for data? As I said before, I am a complete new comer to this are of web development so any information would be greatly appreciated :D
Solved! Go to the solution
This is an accepted solution.
To answer my own question:
From the ScriptTag documentation: "Script tags are scoped to the app that created them. When an app is uninstalled from a shop, all of the script tags that it created are automatically removed along with it." https://shopify.dev/docs/admin-api/rest/reference/online-store/scripttag
Therefore, Shopify handles whether or not the app is currently installed on a shop page. So oAuth handles the installation of the app, then it should be all good. I am a total rookie but I hope this helps someone in the future :)