Problem with auth using the session token

Yurii_Rybak · January 8, 2021, 1:45pm

Hi there. We use node.js(express.js), ejs templating and turbolinks to create our app. We implemented session token-based authorization based on an algorithm that Shopify recommends https://shopify.dev/tutorials/authenticate-your-app-using-session-tokens (section “Use session tokens with Turbolinks”). Step 3 describes that we need to get a session token every 50 seconds (This ensures that your session tokens are always valid), but when we get a token after 50 seconds using the getSessionToken method (https://www.npmjs.com/package/@shopify/app-bridge-utils), we don’t get a new token, but a previous one and the token lifetime expires in a couple of seconds. After the next 50 seconds, we get a new token but this token lifetime expires also in a couple of seconds.
We created code to retrieve a session token based on this tutorial https://github.com/Shopify/turbolinks-jwt-sample-app#fetching-and-storing-session-tokens:

async function retrieveToken(app) {
    const AppBridgeUtils = window['app-bridge-utils'];
    let token = await AppBridgeUtils.getSessionToken(app);
    window.sessionToken = token;
  }

  function keepRetrievingToken(app) {
    setInterval(() => {
      retrieveToken(app);
    }, 50000);
  }

Can anyone help me with how to get a new session token every 50 seconds? Open to discussions and can provide more details. I will be glad for any help, thanks.

NabeelAhsen · January 8, 2021, 8:09pm

Hi Yurii, thank you for bringing this to our attention. The recommended retrieval interval of 50 seconds does not seem to be the best suggestion for the reasons you have mentioned. Our team is currently investigating this.

If you need an immediate solution to this, one workaround is to reduce the interval from 50 seconds to roughly 3-4 seconds (3000-4000).

Yurii_Rybak · January 11, 2021, 9:38am

Hi Nabeel, I reduced the interval from 50 seconds to 2 and it works fine. Thanks for the solution.

frankleng · August 4, 2021, 1:11am

any update on this issue? It’s hard to imagine that calling the getSessionToken api every 2 seconds is an acceptable solution.

esp for users who are connecting via cellular data

seems to me we should be parsing the exp timestamp on the jwt, and schedule the refresh accordingly

junjieQQ2 · January 22, 2022, 3:38am

i can not get the sessionToken now, i have no idea. why? please help, thanks

Topic		Replies	Views
App Bridge JWT token expires after 1 minute Tools	2	114	May 20, 2024
Video tutorial on using JWT session tokens to authenticate your embedded app Authentication	14	381	February 27, 2024
Turbolink is loading before getting the session token from the Shopify App Bridge Shopify Apps third-party-apps , shopify-apps	0	46	May 1, 2024
Can't get a session token from official node app sample Tools	0	31	October 19, 2021
Not authenticating with session tokens Shopify Apps shopify-apps	3	32	March 23, 2025

Problem with auth using the session token

Related topics