Session Token Authentication Not Recognized in Shopify Partner - Need Help

Solved

Session Token Authentication Not Recognized in Shopify Partner - Need Help

axeltta
Shopify Partner
20 1 4

Hi Shopify Community,

I’m working on a Shopify app called PlusSales, and I’m currently trying to achieve Built for Shopify certification. One of the key requirements is implementing session token authentication, but I’m running into issues where Shopify still marks session token authentication as "not used", even though I’ve implemented it.

Here’s a quick overview of the situation:

  • App Bridge is initializing correctly in the frontend. I can see in the logs that App Bridge is initialized, the session token is being fetched and passed in the Authorization header for API requests.
  • I’ve also set up token refreshing on the frontend, and logs show that the access token and refresh token are found and being refreshed when needed.
  • I’ve made sure that I’m verifying the session token on the backend by decoding and validating it using my Shopify API secret.

Despite all this, Shopify still flags session token authentication as "not used" in the Partner Dashboard.

Here’s what I’ve checked so far:

  1. Session token usage across all API requests: Ensured that session tokens are passed with all authenticated requests.
  2. Token exchange: Tried to ensure the proper exchange flow of session tokens and access tokens.
  3. Token validation on the backend: Session tokens are decoded and validated on every relevant endpoint.
  4. Periodic token refresh: Session tokens are refreshed regularly before expiration.
  5. App Bridge version: App Bridge 2.0+ is being used and initialized correctly in the frontend.

What might be causing this?

Is there something I’m missing in the session token authentication flow? Has anyone encountered this issue before or know of a step that I might be overlooking? Any help or guidance would be greatly appreciated!

Thanks in advance for any insights you can provide.

Accepted Solution (1)

Liam
Community Manager
3108 340 872

This is an accepted solution.

Hi Axeltta,

 

When you did implement App Bridge, token refreshing on the front-end, and verification on the back-end? I know it can take a while for these changes to be reflected on the partner dashboard so it's possible you just need to wait a bit longer. In the meantime I've reached out to our internal team to see if there's anything you're missing - this is your app, correct? https://apps.shopify.com/plussales

 

 

Liam | Developer Advocate @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

View solution in original post

Replies 3 (3)

Liam
Community Manager
3108 340 872

This is an accepted solution.

Hi Axeltta,

 

When you did implement App Bridge, token refreshing on the front-end, and verification on the back-end? I know it can take a while for these changes to be reflected on the partner dashboard so it's possible you just need to wait a bit longer. In the meantime I've reached out to our internal team to see if there's anything you're missing - this is your app, correct? https://apps.shopify.com/plussales

 

 

Liam | Developer Advocate @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

axeltta
Shopify Partner
20 1 4

Hey Liam, yes that is my app and you were right, it just takes a while for shopify to recognize we used Session Token Authentication.

I have another question, if we remove the use of session token authentication for a couple days for testing reasons, will shopify realize this and unmark the use of Session Token Authentication?

 

Thanks

Axel

Liam
Community Manager
3108 340 872

Hi Axel,

 

Could you run tests with a staging / sandbox version of your app instead of removing session token auth off the live version? Do the tests need to be on the live?

Liam | Developer Advocate @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog