Hi there,
I implemented the OAuth flow that's described in the docs (without any library, just using plain Python). It's working correctly. Well, at least for a while.
After some time (I'd guess a day) all the requests start throwing 401 errors.
I read about the difference between offline and online mode, and the default is supposed to be offline mode.
Could it be that I get online mode access tokens without actually specifying the mode?
I tried looking into how the access mode is specified, but didn't find anything.
This is the URL I redirect users to:
https://{shop}/admin/oauth/authorize?client_id={api_key}&scope={scopes}&redirect_uri={redirect_url}&state={nonce}&grant_options[]=per-user
And this is the code I use to receive the access token:
import requests

req = requests.post(
    f'https://{shop}/admin/oauth/access_token',
    {
        'client_id': 'xyz',
        'client_secret': 'xyz',
        'code': 'xyz',
    },
)
How can I specify the access mode here? Did I accidentally overwrite it?
Any help would be appreciated.
Thanks! 🙂
"App developers should make sure to handle such a response gracefully. After an access token has expired, Shopify returns a 401 Unauthorized response code."
https://shopify.dev/apps/auth/oauth/access-modes
Make sure the access token you're trying to use isn't expired.
Also, I'm not sure how you can do it in Python, but this is how you can set online access mode in JS:
const app = express();
app.set("use-online-tokens", USE_ONLINE_TOKENS);
@Rechunk add this in your above request
accessMode: 'offline',
Hi there,
thanks for the answer. I tried it, but unfortunately after a day it's giving me 401's again...
@Rechunk I need more info: is the 401 on a frontend request to the backend, or on a backend API request to Shopify?
@Rechunk I have been working on Shopify apps for 2+ years and never once did I encounter this issue. Once the offline token is generated, it never expires unless the app is uninstalled.
@hamzasgd The 401 happens with the following path: /admin/api/2022-04/orders.json?status=any&limit=5
As I said, it works just fine for the first day, but stops thereafter. The API token that's passed is still the same.
Could it maybe have anything to do with the fact that I'm only testing it on a development shop? Probably not, right?
@Rechunk Yes, it does not have anything to do with the development shop.
@Rechunk The behaviour you are describing is clearly an online token
@hamzasgd I added 'accessMode' in the JSON payload as per your description, just underneath the 'code' key. Unfortunately, I haven't found anything in the docs about this; they just describe the difference between access modes, but not how they are actually requested...
Is there any way to actually see the accessMode when the token is returned in the response?
Just found the solution...
I needed to change the grant_options in the URL from "per-user" to "value":
grant_options[]=value
Found it here in the docs: https://shopify.dev/apps/auth/oauth/getting-started#ask-for-permission
But pretty hidden 😕
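Added example (not code from any post in this thread): a Python sketch of the two checks the thread circles around, namely which access mode an authorize URL requests and whether a token response looks like an expiring online token. It assumes online token responses carry `expires_in`, `associated_user` and `associated_user_scope` while offline ones do not; the function names and sample payloads are constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlparse

# Fields assumed to appear only in online (per-user) token responses.
ONLINE_ONLY_FIELDS = {"expires_in", "associated_user", "associated_user_scope"}


def build_authorize_url(shop, api_key, scopes, redirect_uri, nonce, online=False):
    """Build the authorize URL; the grant option alone selects the access mode."""
    params = [
        ("client_id", api_key),
        ("scope", ",".join(scopes)),
        ("redirect_uri", redirect_uri),
        ("state", nonce),
        # "per-user" yields an expiring online token; "value" is the thread's fix.
        ("grant_options[]", "per-user" if online else "value"),
    ]
    return f"https://{shop}/admin/oauth/authorize?{urlencode(params)}"


def mode_requested(authorize_url):
    """Report which access mode an authorize URL asks for."""
    grants = parse_qs(urlparse(authorize_url).query).get("grant_options[]", [])
    return "online" if "per-user" in grants else "offline"


def classify_token_response(payload):
    """Return (mode, expires_in_seconds) for a parsed access_token response."""
    if ONLINE_ONLY_FIELDS & payload.keys():
        return "online", payload.get("expires_in")
    return "offline", None


# Constructed sample responses (placeholder values, not real tokens).
OFFLINE_SAMPLE = {"access_token": "placeholder-offline", "scope": "read_orders"}
ONLINE_SAMPLE = {
    "access_token": "placeholder-online",
    "scope": "read_orders",
    "expires_in": 86399,
    "associated_user_scope": "read_orders",
    "associated_user": {"id": 1, "email": "user@example.com"},
}

if __name__ == "__main__":
    url = build_authorize_url("example.myshopify.com", "key", ["read_orders"],
                              "https://app.example.com/callback", "nonce123")
    print(mode_requested(url), url)
    for sample in (OFFLINE_SAMPLE, ONLINE_SAMPLE):
        print(classify_token_response(sample))
```

Logging the classification at token-exchange time makes an unintended online token visible on day one instead of as 401s a day later.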