Embedded token compliance question

Solved

Embedded token compliance question

kunalwf
Shopify Partner
29 0 6

I see this requirement:

"Embedded apps that don't use session tokens - Embedded apps submitting to the Shopify App Store must use session tokens to authenticate. Session tokens offer a better merchant experience and avoid service disruptions caused by third party cookies."

We use a Shopify App Bridge based token once per visit to authenticate, then we exchange it for a different "Withfriends token" that we use for the remainder of the a visit because the "Withfriends token" is in a more convenient format for our Apollo GraphQL configuration. Does this comply?  We do not use cookies.

 
Accepted Solution (1)

olavoasantos
Shopify Staff
21 5 15

This is an accepted solution.

Hi @kunalwf. How are you?

I'm Olavo from Shopify. Thank you for reaching out.

I'd say that yes, it does comply. The requirement you mentioned is in regards to using session token instead of cookies to authenticate. Since you are using a session token, you should be good. As a good practice, I'd suggest for you to decode Shopify's session token as it's the only trusted way to get the correct shop. Moreover, make sure you validate Shopify's session token to verify that it's not expired.

I hope this helps. Please let me know if you have any more questions.

To learn more visit the Shopify Help Center or the Community Blog.

View solution in original post

Replies 2 (2)

olavoasantos
Shopify Staff
21 5 15

This is an accepted solution.

Hi @kunalwf. How are you?

I'm Olavo from Shopify. Thank you for reaching out.

I'd say that yes, it does comply. The requirement you mentioned is in regards to using session token instead of cookies to authenticate. Since you are using a session token, you should be good. As a good practice, I'd suggest for you to decode Shopify's session token as it's the only trusted way to get the correct shop. Moreover, make sure you validate Shopify's session token to verify that it's not expired.

I hope this helps. Please let me know if you have any more questions.

To learn more visit the Shopify Help Center or the Community Blog.

kunalwf
Shopify Partner
29 0 6

Thank you very much! That is clarifying.