As indicated via a notification on your partner dashboard, new embedded apps are now required to use session tokens instead of cookies for authorization.
This requirement will apply to all embedded apps by Jan 1 2022.
Below is a link to a video tutorial on implementing the JWT session token using app bridge and bootstrapping the Shopify CLI's example code.
1:26 What is a session token?
2:36 What's wrong with using cookies these days?
5:01 Session token vs access token
6:54 Looking at the JWT token
16:22 Session token life cycle
18:00 Frontend implementation
28:16 Backend implementation
40:29 Using the uninstall webhook
23:22 Why not just use the offline token?
44:52 Adding a script tag
46:37 Stuck in redirect loop
- Overview: https://shopify.dev/concepts/apps/bui...
- Tutorial: https://shopify.dev/tutorials/authent...
- Getting started with app bridge: https://shopify.dev/tools/app-bridge/...
I'm trying to convert Shopify embedded app with cookie based authentication into session token authentication. I've watched your YouTube video and followed server.js and _app.js implementation, however, I am keep getting "Enable cookie" notice from the browser. I think I can continue the conversion, if I can get the point where you are(load the app and display the simple text in the index.js from the frontend without "Enable cookie" notice loop. So I was wondering if you can share the the source code used for the demo.