Embedded App JWT Session Token on 2 backend Logic

tanseer_poptin
Visitor

Hi,

We are creating a Shopify Embedded app using PHP/Laravel. We have 2 backend apps:

  1. Our Shopify app (written in PHP) interacts with Shopify for auth/installation.
  2. Our main app (written in Laravel) is shown to the user after auth/installation is completed by our 1st app, using the redirect method.

So do we need to handle the Shopify JWT session on both backend apps, or is it only required on our 1st backend app, which is responsible for auth/installation?


JoeyF
Shopify Staff (Retired)

Will the main app (i.e. the second backend) handle requests from the frontend?

If so, then it will need to handle session tokens as well.

 

This section of the docs aims to clarify the difference between session tokens (allow your backend to verify requests from your frontend) and access tokens (allow your backend to make requests to Shopify's backend). Does it make things clearer?

To learn more visit the Shopify Help Center or the Community Blog.

tanseer_poptin
Visitor

We have two backend apps. One connects with Shopify for installation & auth; in this app we check whether the store/user exists, then pass that data to the other backend app, which shows the main UI. So in this case, do we need a session JWT token for the 2nd app? The 2nd app's auth currently uses the Laravel default session, so will that work? Or do we need to change that to a JWT session?

JoeyF
Shopify Staff (Retired)

I don't know Laravel well enough, and I'm not sure exactly what data is passed from your 1st app to your 2nd app. Regardless ...

 


> need to change that to jwt session ?


In my opinion, yes.

This would ensure that incoming requests to your 2nd app are coming from Shopify (and not from a malicious attacker).

To learn more visit the Shopify Help Center or the Community Blog.
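
Added example (not part of the thread and not Shopify's own code): one way the second backend could verify a session token itself, using only built-in PHP functions. It assumes Shopify's documented session token format, an HS256 JWT signed with the app's client secret and carrying `iss`, `dest`, `aud`, `sub`, `nbf` and `exp` claims; the function names, the key and secret values, and the shop domain are constructed placeholders.

```php
<?php
// Added example. Function names and the sample key/secret are hypothetical.
function b64url_decode(string $s): string
{
    $pad = str_repeat('=', (4 - strlen($s) % 4) % 4);
    return (string) base64_decode(strtr($s, '-_', '+/') . $pad, true);
}

function verify_session_token(string $jwt, string $apiKey, string $apiSecret, int $leeway = 5): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('malformed token');
    }
    [$h, $p, $sig] = $parts;
    // Pin the algorithm instead of letting the token header choose it.
    $header = json_decode(b64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new InvalidArgumentException('unexpected alg');
    }
    // Constant-time comparison of the HMAC over "header.payload".
    $expected = hash_hmac('sha256', "$h.$p", $apiSecret, true);
    if (!hash_equals($expected, b64url_decode($sig))) {
        throw new InvalidArgumentException('bad signature');
    }
    $c = json_decode(b64url_decode($p), true);
    $now = time();
    $issHost = parse_url((string) ($c['iss'] ?? ''), PHP_URL_HOST);
    $destHost = parse_url((string) ($c['dest'] ?? ''), PHP_URL_HOST);
    if (!is_array($c)
        || ($c['exp'] ?? 0) < $now - $leeway              // expired
        || ($c['nbf'] ?? PHP_INT_MAX) > $now + $leeway    // not yet valid
        || ($c['aud'] ?? null) !== $apiKey                // issued for another app
        || !$issHost || $issHost !== $destHost) {         // shop domains disagree
        throw new InvalidArgumentException('claims rejected');
    }
    return $c; // 'dest' identifies the shop, 'sub' the user
}

// Constructed demo: sign a sample payload with a made-up secret, then verify it.
$enc = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
[$key, $secret] = ['example-client-id', 'example-client-secret'];
$claims = ['iss' => 'https://example-shop.myshopify.com/admin',
    'dest' => 'https://example-shop.myshopify.com', 'aud' => $key,
    'sub' => '42', 'nbf' => time(), 'exp' => time() + 60];
$body = $enc('{"alg":"HS256","typ":"JWT"}') . '.' . $enc(json_encode($claims));
$token = $body . '.' . $enc(hash_hmac('sha256', $body, $secret, true));
echo verify_session_token($token, $key, $secret)['dest'], PHP_EOL;
```

In a Laravel backend the token arrives in the `Authorization: Bearer` header and can be read with `$request->bearerToken()` inside a middleware that calls a check like this on every request from the embedded frontend.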