Solved

Offline session "forbidden" after working for months.

rustcity
Shopify Partner

The app is a fulfilment service and polls the Admin API for assigned fulfilment orders.

No auth problems since deployment.  

Now requests made with offlineSession yield 503 forbidden.

Regenerating the offline token does not help as it simply regenerates the same existing token (offline session tokens appear deterministic...).

 

I can only think the app's been cut off because it was polling too often?


Must the app be uninstalled and reinstalled?  Quite confused.

Accepted Solution (1)

rustcity
Shopify Partner

This is an accepted solution.

Neither of the above cases --- I'm simply not of the utmost intelligence and during dev had a plain text token written in a public codebase. The token was not valid or anything; however, Shopify, as a security precaution, has web crawlers searching public repos just for this very reason. My app was subsequently flagged.

This is a great security feature. 
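Added example, not part of the original thread or Shopify's own tooling: a local scan for Shopify-shaped secrets that can be run over a working tree before it is pushed to a public repository. The prefix-plus-32-hex token shape is an assumption taken from common public secret-scanning rule sets, and the sample source lines (including `loadOfflineSession` and `Client`) are constructed.

```python
import re
import sys
from pathlib import Path

# Assumption: Shopify-issued secrets are a known prefix followed by 32 hex
# characters, the shape public secret-scanning rule sets match on.
KINDS = {
    "shpat": "Admin API access token",
    "shpca": "custom app access token",
    "shppa": "private app password",
    "shpss": "app shared secret",
}
TOKEN_RE = re.compile(r"\b(shpat|shpca|shppa|shpss)_[a-fA-F0-9]{32}\b")
SKIP_DIRS = {".git", "node_modules", "vendor"}

def scan_text(text, source="<text>"):
    """Return (source, line number, kind, redacted token) for each match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in TOKEN_RE.finditer(line):
            redacted = m.group(0)[:10] + "*" * 28  # never echo the full secret
            findings.append((source, lineno, KINDS[m.group(1)], redacted))
    return findings

def scan_tree(root):
    """Scan every regular file under root, skipping dependency/VCS dirs."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or SKIP_DIRS & set(path.relative_to(root).parts):
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        findings.extend(scan_text(text, str(path)))
    return findings

# Constructed sample: the token is fake and assembled at runtime so this file
# does not itself contain a token-shaped literal.
FAKE_TOKEN = "shpat_" + "0a1b2c3d" * 4
SAMPLE = (
    "const session = await loadOfflineSession(shop);\n"
    f'const client = new Client(shop, "{FAKE_TOKEN}");  // hardcoded during dev\n'
    "const safe = process.env.SHOPIFY_ADMIN_TOKEN;  // read from environment\n"
)

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE, "sample.js")
    for source, lineno, kind, redacted in hits:
        print(f"{source}:{lineno}: {kind}: {redacted}")
    sys.exit(1 if hits else 0)
```

The scan covers the working tree only; a token that was committed and later deleted is still present in git history, so a hit should be followed by rotating the credential rather than just removing the line.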


Replies 2 (2)

rustcity
Shopify Partner

I haven't changed scope settings in the .env file; however, looking at some slightly related problems seems to suggest it may be.

Has anything updated with regard to the scope namespace in the last few days on Shopify's end?
