With the strong focus on privacy, browsers have recently started phasing out support for the 3rd party cookie. This has caused issues for embedded apps which until now have required the use of 3rd party cookies. Our new App Bridge auth beta introduces “session tokens” to empower developers to creat…

@Michael_Ragalie thanks for the response, makes sense. In my case, both of my apps are POS embedded apps and so the “session” is always quite short and moment in time for the merchant. Please keep us updated when JWT becomes available for POS embedded apps.

I don’t know if we have any apps using it on POS, but I think it should work. Was there a problem you were running into with it?

@Michael_Ragalie I actually haven’t tried it yet, I thought I saw on page 1 or 2 of this thread that someone else asked about it for POS and was told it wasn’t ready. But based on reading the documentation, I also don’t see a reason it shouldn’t work. Thanks for following up.

I’m finding the documentation lacking, i’ve tried trawling through the app-bridge code but that wasn’t much help either. Ideally it would be great if i could embed my app admin functionality but its not a shopify specific application so i don’t really want to pollute it with shopify specific libs a…

I think you’ll need to use App Bridge to get a token. The “manual” approach is still using App Bridge, just lower level aspects of it.

If you’re redirecting users to a subscription URL from your app, the redirect will cause an IFRAME issue in the browser. You need to perform the redirection from outside your app IFRAME. Either using the AppBridge redirection, or using window.top.location.href.

This isn’t the issue. I’ve been sent a screencast by the tester show he/she had been testing in Incognito mode. They failed the submission (again), naming ‘SameSite’ as the issue (I guarantee this is done correctly). You can validate by visiting https://samesite-sandbox.glitch.me/ in a normal chrom…

@optizio are you using the shopify_app gem? I had built an app using the shopify_app gem and it also failed naming the samesite issue with an infinite redirect issue (though I simply could not reproduce). I ended up migrating away from shopify_app gem and using my own auth and got it to pass.

@Michael_Ragalie I’ve finally gotten around to playing around with this and I have a question. I found the npm library which seems to work well (thank you Leigh Barnes). However, there’s part of my app’s server that will be hosted on Google Apps Script and I have to manually decode and verify the J…

Introducing cookieless authentication beta with App Bridge

Retired Boards Appdev Tools

optizio October 8, 2020, 12:05am 86

Are apps that don’t use this method getting rejected? We’ve had an application rejected because (we believe) the tester was using incognito mode.

Topic		Replies	Views
Video tutorial on using JWT session tokens to authenticate your embedded app Authentication	14	393	February 27, 2024
Authenticated fetch for new cookie policy error Graphql Basics And Troubleshooting	24	309	June 9, 2021
Shopify App Bridge Requirement Tools	3	141	February 22, 2022
session tokens and not rely on 3rd party cookies to function properly. Shopify Apps third-party-apps , shopify-apps	1	59	October 16, 2024
Shopify App Gets Caught in Infinite 'Enable Cookies' loop in Safari Authentication	79	982	February 9, 2023

Introducing cookieless authentication beta with App Bridge

Related topics