Online & offline session tokens

Solved
Anonymous
Not applicable

Is it possible throughout the app installation process to request both online and offline session tokens?

I will need an offline token to perform API requests in background tasks and an online token for the logged in user, to perform requests from the front end. 

Also, are online tokens restricted to Shopify Plus or can they be requested in by any app regardless of the Shop account type? 

Accepted Solution (1)

Accepted Solutions
L_J_K
Shopify Staff
Shopify Staff
400 64 78

This is an accepted solution.

Hey @Anonymous 

Yes - Offline and Online Tokens can be used simultaneously by using different access tokens.  They are requested during the OAuth process.

There's a run through here of offline and online access here too if it helps. 

There's no restrictions of online access tokens to Plus Stores. Please let me know if you have any further questions - thanks!

| Shopify |
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!

View solution in original post

Replies 4 (4)
L_J_K
Shopify Staff
Shopify Staff
400 64 78

This is an accepted solution.

Hey @Anonymous 

Yes - Offline and Online Tokens can be used simultaneously by using different access tokens.  They are requested during the OAuth process.

There's a run through here of offline and online access here too if it helps. 

There's no restrictions of online access tokens to Plus Stores. Please let me know if you have any further questions - thanks!

| Shopify |
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
Anonymous
Not applicable

Thanks for getting back to me.

 

What is the flow for creating both token types? Should I request an offline token when the app is installed, and then pass the user through oauth a second time to get the online token? As the online token has a limited lifespan, the user will then need to pass though oauth intermittently to refresh the token. Is this correct or is there a best practice for handling this?

dygerati
Tourist
6 0 0

I'm also wondering the same here. Just using the provided koa app, and I'd like to fetch both online and offline tokens. 

Any clues as to the flow here?

Anonymous
Not applicable

Hi @dygerati 

The recommended flow is to request a (permanent) offline token when the app is installed and store that in your app's backend. Then after installation, pass the user through oauth again to request an online (session) token. There shouldn't be any need for any interaction from the user for the second pass as long as you keep the scopes the same.