Embedded token compliance question

Solved
kunalwf
Tourist

I see this requirement:

"Embedded apps that don't use session tokens - Embedded apps submitting to the Shopify App Store must use session tokens to authenticate. Session tokens offer a better merchant experience and avoid service disruptions caused by third party cookies."

We use a Shopify App Bridge based token once per visit to authenticate, then we exchange it for a different "Withfriends token" that we use for the remainder of the visit because the "Withfriends token" is in a more convenient format for our Apollo GraphQL configuration. Does this comply? We do not use cookies.

 
Accepted Solutions
olavoasantos
Shopify Staff

This is an accepted solution.

Hi @kunalwf. How are you?

I'm Olavo from Shopify. Thank you for reaching out.

I'd say that yes, it does comply. The requirement you mentioned is in regard to using session tokens instead of cookies to authenticate. Since you are using a session token, you should be good. As a good practice, I'd suggest that you decode Shopify's session token, as it's the only trusted way to get the correct shop. Moreover, make sure you validate Shopify's session token to verify that it's not expired.

I hope this helps. Please let me know if you have any more questions.

kunalwf
Tourist

Thank you very much! That is clarifying.
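
The check recommended in the accepted answer, done on the backend before the Shopify session token is exchanged for an app-specific token, as an added example that is not code from the thread or from Shopify. It assumes the session token is an HS256 JWT signed with the app's secret; the function names, sample shop and sample credentials are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const fromB64url = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const hostOf = (url) => new URL(url).hostname; // throws on a missing or invalid URL

// Returns the verified shop hostname, or throws. Only this return value,
// never a shop parameter sent by the client, should be bound to the
// app's own token (the "Withfriends token" in the question).
function verifyShopifySessionToken(token, apiKey, apiSecret,
                                   nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, sig] = parts;

  // Pin the algorithm instead of trusting whatever the header asks for.
  if (fromB64url(h).alg !== "HS256") throw new Error("unexpected alg");

  // Verify the signature before reading any claim, in constant time.
  const expected = createHmac("sha256", apiSecret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }

  const claims = fromB64url(p);
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  if (typeof claims.nbf === "number" && claims.nbf > nowSec) throw new Error("not yet valid");
  if (claims.aud !== apiKey) throw new Error("wrong audience"); // issued for another app

  // dest carries the shop; iss must point at the same shop's admin.
  const shop = hostOf(claims.dest);
  if (hostOf(claims.iss) !== shop) throw new Error("iss/dest mismatch");
  return shop;
}

// Constructed sample only: builds a token in the shape the check above expects.
function signSample(claims, secret) {
  const h = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const p = b64url(JSON.stringify(claims));
  const sig = b64url(createHmac("sha256", secret).update(`${h}.${p}`).digest());
  return `${h}.${p}.${sig}`;
}
```
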