I am using the createCustomerAccountClient function from Shopify’s Hydrogen package to manage authentication on my headless storefront. The problem is that the refresh token cannot be exchanged from Shopify’s server. I am using a local version of Hydrogen to debug (with no changes) and am receiving an unsupported_grant_type error.
The access grant included - its type or another attribute - is not supported by the authorization server.
This error clears the session and the user is shown as no longer logged in every hour. I can’t seem to find any documentation on the proper grant type to use or why this is failing. This is the code from the Hydrogen package:
```js
const body = new URLSearchParams();
body.append('grant_type', 'urn:ietf:params:oauth:grant-type:token-exchange');
body.append('client_id', clientId);
body.append('audience', CUSTOMER_API_CLIENT_ID);
body.append('subject_token', authAccessToken);
body.append(
  'subject_token_type',
  'urn:ietf:params:oauth:token-type:access_token',
);
body.append('scopes', 'https://api.customers.com/auth/customer.graphql');

const headers = {
  'content-type': 'application/x-www-form-urlencoded',
  'User-Agent': USER_AGENT,
  Origin: httpsOrigin,
};

const startTime = Date.now();
const url = customerAccountTokenExchangeUrl;
const response = await fetch(url, {
  method: 'POST',
  headers,
  body,
});
```
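An added diagnostic example, not part of the original post or of Hydrogen's code: it summarises a token request like the one above with credential values masked, so the `grant_type` actually sent can be logged safely, and parses the endpoint's error body using the RFC 6749 section 5.2 error codes. The helper names `redactTokenRequest` and `parseTokenError` are hypothetical, and the sample values are constructed.

```javascript
// Added diagnostic example; helper names are hypothetical, not Hydrogen APIs.
// Error codes a token endpoint may return (RFC 6749, section 5.2).
const OAUTH_TOKEN_ERRORS = new Set([
  'invalid_request', 'invalid_client', 'invalid_grant',
  'unauthorized_client', 'unsupported_grant_type', 'invalid_scope',
]);

// Parameters whose values are credentials and must never reach a log.
const SECRET_PARAMS = new Set([
  'subject_token', 'refresh_token', 'client_secret', 'code', 'code_verifier',
]);

// Summarise a form-encoded token request with credential values masked.
function redactTokenRequest(body) {
  const out = {};
  for (const [key, value] of new URLSearchParams(body)) {
    out[key] = SECRET_PARAMS.has(key) ? `<redacted:${value.length} chars>` : value;
  }
  return out;
}

// Parse the token endpoint's error response into a stable shape.
function parseTokenError(status, text) {
  let json = null;
  try { json = JSON.parse(text); } catch { /* not JSON, e.g. an HTML error page */ }
  const code = json && typeof json.error === 'string' ? json.error : null;
  return {
    status,
    code,
    known: code !== null && OAUTH_TOKEN_ERRORS.has(code),
    description: json && typeof json.error_description === 'string' ? json.error_description : null,
    // These codes point at the request's shape (grant type, parameters), not the token.
    requestShapeProblem: code === 'unsupported_grant_type' || code === 'invalid_request',
  };
}

// Constructed sample values, not real tokens or real server output.
const sampleBody = new URLSearchParams({
  grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
  client_id: 'example-client-id',
  subject_token: 'constructed-token-value',
});
const sampleError = JSON.stringify({
  error: 'unsupported_grant_type',
  error_description: 'The access grant included - its type or another attribute - is not supported by the authorization server.',
});

console.log(redactTokenRequest(sampleBody));
console.log(parseTokenError(400, sampleError));
```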