Questions and discussions about using the Shopify CLI and Shopify-built libraries.
Hi,
We are creating a Shopify Embedded app using PHP/Laravel. We have 2 backend apps:
So do we need to handle the Shopify JWT session on both backend apps, or is it only required on our 1st backend app, which is responsible for auth/installation?
Will the main app (i.e. the second backend) handle requests from the frontend?
If so, then it will need to handle session tokens as well.
This section of the docs aims to clarify the difference between session tokens (allow your backend to verify requests from your frontend) and access tokens (allow your backend to make requests to Shopify's backend). Does it make things clearer?
To learn more visit the Shopify Help Center or the Community Blog.
We have two backend apps. One connects with Shopify for installation & auth, and in this app we check whether the store/user exists, then pass that data to another backend app, which shows the main UI. So in this case, do we need a session JWT token for the 2nd app? The 2nd app's auth currently uses the Laravel default session, so will that work? Or do we need to change that to a JWT session?
I don't know Laravel well enough, and I'm not sure exactly what data is passed from your 1st app to your 2nd app. Regardless ...
need to change that to jwt session ?
In my opinion, yes.
This would ensure that incoming requests to your 2nd app are coming from Shopify (and not from a malicious attacker).
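The check the replies above recommend for the 2nd backend, as an added example that is not part of the thread and is not Shopify's or Laravel's own code: any backend that receives requests from the embedded frontend validates the session token it is sent before trusting the request. The helper names are hypothetical, and the sketch assumes the documented session token format (an HS256 JWT signed with the app's client secret, carrying `iss`, `dest`, `aud`, `exp` and `nbf` claims); the credentials and shop domain are constructed.

```php
<?php
declare(strict_types=1);

// JWT segments are base64url without padding; restore padding before decoding.
function b64url_decode(string $s): string
{
    $pad = str_repeat('=', (4 - strlen($s) % 4) % 4);
    return (string) base64_decode(strtr($s, '-_', '+/') . $pad, true);
}

// Hypothetical helper: returns the claims of a valid session token, or null.
function verify_session_token(string $jwt, string $clientId, string $secret, ?int $now = null): ?array
{
    $now ??= time();
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { return null; }
    [$h, $p, $sig] = $parts;

    // Pin the algorithm instead of trusting whatever the header claims.
    $header = json_decode(b64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') { return null; }

    // Recompute the HMAC over "header.payload" and compare in constant time.
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if (!hash_equals($expected, b64url_decode($sig))) { return null; }

    $c = json_decode(b64url_decode($p), true);
    if (!is_array($c)) { return null; }
    // Reject tokens that are expired or not yet valid.
    if (($c['exp'] ?? 0) <= $now || ($c['nbf'] ?? PHP_INT_MAX) > $now) { return null; }
    // The token must have been issued for this app.
    if (($c['aud'] ?? null) !== $clientId) { return null; }
    // Issuer and destination must name the same shop (compared by host here).
    $iss = parse_url((string) ($c['iss'] ?? ''), PHP_URL_HOST);
    $dest = parse_url((string) ($c['dest'] ?? ''), PHP_URL_HOST);
    if (!is_string($iss) || $iss !== $dest) { return null; }
    return $c;
}

// Constructed demo values, not real credentials or a real shop.
$id = 'demo-client-id';
$secret = 'demo-client-secret';
$enc = fn (string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$claims = ['iss' => 'https://example-shop.myshopify.com/admin', 'dest' => 'https://example-shop.myshopify.com',
           'aud' => $id, 'exp' => time() + 60, 'nbf' => time() - 5];
$body = $enc(json_encode(['alg' => 'HS256', 'typ' => 'JWT'])) . '.' . $enc(json_encode($claims));
$token = $body . '.' . $enc(hash_hmac('sha256', $body, $secret, true));
var_dump(verify_session_token($token, $id, $secret) !== null);         // correctly signed token
var_dump(verify_session_token($token, $id, 'wrong-secret') !== null);  // signature mismatch
```

Both backends can run the same check as long as each holds the app's client ID and client secret; the Laravel session on its own says nothing about whether a request originated from the embedded app.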