Main issue: In app extension requests, developers receive hmac, shop, and session query parameters. The question was whether the session string can be decoded or used via an API to retrieve user data, similar to JWTs used in embedded apps.
Key details:
Outcome: A Shopify staff response clarified that the session string cannot be parsed. No method or API was provided to derive user information from this session value.
Status: Resolved with clarification; developers should not rely on the session parameter for user data in app extensions.
Hello,
I’m building an app extension, and when I receive a request to my site I get the params:
hmac = '3a.....'
shop = '{shop}.myshopify.com'
session = '885.......'
et.
I can authenticate using hmac, however, I’m curious if there is any information I can get from the session parameter. The session is passed as a string so I can’t decode it like a JWT session token Shopify uses for embedded apps. Is there a way to decode/make an API call with this string to get user data?
Thanks!
Hey @KPal99
The session string can’t be parsed.