Video tutorial on using JWT session tokens to authenticate your embedded app

Jason_Tigas
Shopify Staff

As indicated via a notification on your partner dashboard, new embedded apps are now required to use session tokens instead of cookies for authorization.

This requirement will apply to all embedded apps by Jan 1 2022.

Below is a link to a video tutorial on implementing the JWT session token using app bridge and bootstrapping the Shopify CLI's example code.

https://www.youtube.com/watch?v=Vq0aWTaJDAY

Contents:
0:00 Intro
1:26 What is a session token?
2:36 What's wrong with using cookies these days?
5:01 Session token vs access token
6:54 Looking at the JWT token
16:22 Session token life cycle
18:00 Frontend implementation
28:16 Backend implementation
40:29 Using the uninstall webhook
44:52 Questions

Questions
23:22 Why not just use the offline token?
44:52 Adding a script tag
46:37 Stuck in redirect loop

Documentation links
- Overview:
https://shopify.dev/concepts/apps/bui...
- Tutorial:
https://shopify.dev/tutorials/authent...
- Getting started with app bridge:
https://shopify.dev/tools/app-bridge/...

 

JHLEE
Tourist

Hi Jason,

I'm trying to convert a Shopify embedded app with cookie-based authentication into session token authentication. I've watched your YouTube video and followed the server.js and _app.js implementation; however, I keep getting the "Enable cookie" notice from the browser. I think I can continue the conversion if I can get to the point where you are (load the app and display the simple text in index.js from the frontend without the "Enable cookie" notice loop). So I was wondering if you can share the source code used for the demo.

Thanks,

Jason_Tigas
Shopify Staff

Hi JHLEE,

The source code from the demo is based off of this repo. 
https://github.com/Shopify/shopify-app-node/blob/master/pages/_app.js