Video tutorial on using JWT session tokens to authenticate your embedded app

Shopify Staff

As indicated via a notification on your partner dashboard, new embedded apps are now required to use session tokens instead of cookies for authorization.

This requirement will apply to all embedded apps by Jan 1 2022.

Below is a link to a video tutorial on implementing the JWT session token using App Bridge and bootstrapping the Shopify CLI's example code.

0:00 Intro
1:26 What is a session token?
2:36 What's wrong with using cookies these days?
5:01 Session token vs access token
6:54 Looking at the JWT token
16:22 Session token life cycle
18:00 Frontend implementation
28:16 Backend implementation
40:29 Using the uninstall webhook
44:52 Questions

23:22 Why not just use the offline token?
44:52 Adding a script tag
46:37 Stuck in redirect loop

Documentation links
- Overview:
- Tutorial:
- Getting started with App Bridge:



Hi Jason,

I'm trying to convert a Shopify embedded app with cookie-based authentication to session token authentication. I've watched your YouTube video and followed the server.js and _app.js implementation; however, I keep getting an "Enable cookie" notice from the browser. I think I can continue the conversion if I can get to the point where you are (load the app and display the simple text in index.js from the frontend without the "Enable cookie" notice loop). So I was wondering if you can share the source code used for the demo.


Shopify Staff


The source code from the demo is based off of this repo.