Focuses on API authentication, access scopes, and permission management.
I have a custom embedded app installed in my store. The app is hosted on Heroku and gets restarted once a day according to Heroku's policy. The problem is, the offline access token that my app has exchanged with the initial session token acquired from App Bridge seems to expire every time my app gets restarted by Heroku. I think this shouldn't happen because the access token is offline, so it can be used for as long as the app is installed.
I'm not really in trouble, as I can re-acquire another access token once Heroku restarts my app, but I'd like to understand what is actually happening between my app and the Shopify API during the authentication process. I'd appreciate any hints or insights about the situation.