Problem with auth using the session token

Solved

Problem with auth using the session token

Yurii_Rybak
Shopify Partner
6 0 8

Hi there. We use node.js(express.js), ejs templating and turbolinks to create our app. We implemented session token-based authorization based on an algorithm that Shopify recommends https://shopify.dev/tutorials/authenticate-your-app-using-session-tokens (section "Use session tokens with Turbolinks"). Step 3 describes that we need to get a session token every 50 seconds (This ensures that your session tokens are always valid), but when we get a token after 50 seconds using the getSessionToken method (https://www.npmjs.com/package/@shopify/app-bridge-utils), we don't get a new token, but a previous one and the token lifetime expires in a couple of seconds. After the next 50 seconds, we get a new token but this token lifetime expires also in a couple of seconds.
We created code to retrieve a session token based on this tutorial https://github.com/Shopify/turbolinks-jwt-sample-app#fetching-and-storing-session-tokens: 

 

 

  async function retrieveToken(app) {
    const AppBridgeUtils = window['app-bridge-utils'];
    let token = await AppBridgeUtils.getSessionToken(app);
    window.sessionToken = token;
  }

  function keepRetrievingToken(app) {
    setInterval(() => {
      retrieveToken(app);
    }, 50000);
  }

 

 

Can anyone help me with how to get a new session token every 50 seconds? Open to discussions and can provide more details. I will be glad for any help, thanks.

Accepted Solution (1)

NabeelAhsen
Shopify Staff (Retired)
5 2 2

This is an accepted solution.

Hi Yurii, thank you for bringing this to our attention. The recommended retrieval interval of 50 seconds does not seem to be the best suggestion for the reasons you have mentioned. Our team is currently investigating this.

If you need an immediate solution to this, one workaround is to reduce the interval from 50 seconds to roughly 3-4 seconds (3000-4000).

To learn more visit the Shopify Help Center or the Community Blog.

View solution in original post

Replies 4 (4)

NabeelAhsen
Shopify Staff (Retired)
5 2 2

This is an accepted solution.

Hi Yurii, thank you for bringing this to our attention. The recommended retrieval interval of 50 seconds does not seem to be the best suggestion for the reasons you have mentioned. Our team is currently investigating this.

If you need an immediate solution to this, one workaround is to reduce the interval from 50 seconds to roughly 3-4 seconds (3000-4000).

To learn more visit the Shopify Help Center or the Community Blog.

Yurii_Rybak
Shopify Partner
6 0 8

Hi Nabeel

frankleng
Visitor
3 0 0

any update on this issue? It's hard to imagine that calling the getSessionToken api every 2 seconds is an acceptable solution.

esp for users who are connecting via cellular data

seems to me we should be parsing the exp timestamp on the jwt, and schedule the refresh accordingly

junjieQQ2
Visitor
1 0 0

junjieQQ2_0-1642822639532.png

i can not get the sessionToken now, i have no idea. why? please help, thanks