Regarding https://twitter.com/jmwind/status/1256249454430224386, can we get a rough idea of how this will work and when it would be released?
Will it be only for App Bridge or also available for the EASDK?
Given the recurring cookies issues with customers, we are considering rewriting our authentication mechanism to be cookie less, but it would be a shame if we did the work and shortly after the new solution was released...
Regarding summer, is that the timeframe for production or beta?
I understand that you might not be able to share more yet, but I was hoping you could just share the type of embedding technique that you will be using, as it can have an impact on the authentication design we might choose.
For example, is it based on a link tag like <link rel="import" href="<url>">, or some other mechanism?
Hi! That's the timeline for production.
The gist is that Shopify issues a JWT to the app frontend via App Bridge, you include that JWT in the Authentication header of your requests to your app backend, and then your app backend can verify the JWT signature and know which shop/user the request is on behalf of.
We'll share more details soon! Thanks!
Hi Victor, it can be hard to diagnose issues with the cookie-based auth flow. If you're running into problems, I'd recommend you try out the new cookieless option and see if it resolves some of the issues: https://shopify.dev/tools/app-bridge/authentication