Shopify app online access token mode in php Laravel template

Topic summary

Switching a Shopify app (PHP Laravel CLI template) from offline to online access mode caused OAuth failures: the app didn’t load and redirected to an error after only changing ACCESS_MODE_ONLINE in EnsureShopifySession.

Resolution shared: two code changes are required for online access mode.

  • In EnsureShopifySession::handle(Request $request, Closure $next, string $accessMode = self::ACCESS_MODE_OFFLINE), set the default accessMode to ACCESS_MODE_ONLINE.
  • In AuthRedirection::redirect(Request $request, bool $isOnline = false), change the default $isOnline to true.

These adjustments ensure the middleware and auth redirect both request user-online sessions, aligning OAuth with online tokens.

Outcome: With both defaults updated, the app loads correctly using online access mode. No further issues or disagreements were reported.

Status: Resolved. Code changes (function defaults in EnsureShopifySession and AuthRedirection) are central to understanding the fix.

Summarized with AI on February 1. AI used: gpt-5.

We are developing an app based on the PHP Laravel template of the Shopify CLI. Almost everything is working as expected until now, but as we move forward we might be interested in using the “online access mode” rather than the default offline mode. Based on this info, https://github.com/Shopify/shopify-api-php/blob/main/docs/usage/oauth.md, I assumed that I could just change the present default configuration to online and this would just work. I changed the default access mode in the “EnsureShopifySession” class to “ACCESS_MODE_ONLINE”, but unfortunately the app OAuth didn’t like these changes, and the app didn’t load and was redirecting me to an error.

I would be glad to hear if someone knows how to use the “access online mode”.

If anyone ever faces the same issue, I think I found the answer.

In the class EnsureShopifySession, change to ACCESS_MODE_ONLINE in the function

function handle(Request $request, Closure $next, string $accessMode = self::ACCESS_MODE_OFFLINE)

Then in the class AuthRedirection, change the default bool $isOnline to true in the function

public static function redirect(Request $request, bool $isOnline = false): RedirectResponse

1 Like
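A simplified model of why the two defaults named in this thread have to agree, added here as an example; it is not code from the template, from shopify-api-php, or from the posters. The helper names, the session-id scheme, the sample shop and user id, and the expiry value are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Simplified stand-ins (assumptions), not the template's or shopify-api-php's code.
const SHOP = 'example-shop.myshopify.com'; // constructed sample shop
const USER_ID = '42';                      // constructed sample staff user id

/** Session id looked up or stored for a given mode (assumed scheme for this model). */
function sessionId(bool $isOnline): string
{
    return $isOnline ? SHOP . '_' . USER_ID : 'offline_' . SHOP;
}

/** Stand-in for AuthRedirection::redirect(): OAuth completes and stores one session. */
function redirectAndAuthorize(array &$store, bool $isOnline): void
{
    $store[sessionId($isOnline)] = [
        'isOnline' => $isOnline,
        // Model: online sessions carry an expiry (constructed value); offline ones here do not.
        'expires'  => $isOnline ? time() + 86400 : null,
    ];
}

/** Stand-in for EnsureShopifySession::handle(): load the session or restart OAuth. */
function handle(array &$store, bool $middlewareOnline, bool $redirectOnline, int $maxRedirects = 3): string
{
    for ($i = 0; $i <= $maxRedirects; $i++) {
        $session = $store[sessionId($middlewareOnline)] ?? null;
        if ($session !== null && ($session['expires'] === null || $session['expires'] > time())) {
            return "loaded after {$i} redirect(s)";
        }
        // No usable session for the mode the middleware expects: start OAuth again.
        redirectAndAuthorize($store, $redirectOnline);
    }
    return 'redirect loop: middleware wants ' . sessionId($middlewareOnline)
        . ', store has ' . implode(', ', array_keys($store));
}

$cases = [
    'template defaults (offline/offline)'      => [false, false],
    'only middleware changed (online/offline)' => [true, false],
    'both changed (online/online)'             => [true, true],
];
foreach ($cases as $label => [$middlewareOnline, $redirectOnline]) {
    $store = []; // fresh session store per case
    echo str_pad($label, 42), ' => ', handle($store, $middlewareOnline, $redirectOnline), PHP_EOL;
}
```

In this model only the mismatched case fails: the middleware keeps looking for a per-user session while each redirect stores a per-shop one.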