Hi JHLEE,
The source code from the demo is based off of this repo.
https://github.com/Shopify/shopify-app-node/blob/master/pages/_app.js
Topic summary
Mandatory Migration Deadline:
Shopify requires all embedded apps to switch from cookie-based authentication to JWT session tokens by January 1, 2022. New apps must already comply with this requirement.
Tutorial Resource:
A comprehensive video tutorial demonstrates implementation using App Bridge and Shopify CLI. The tutorial covers:
- Session token fundamentals and cookie limitations
- Token lifecycle and structure
- Frontend and backend implementation
- Differences between session tokens and access tokens
Common Implementation Issues:
Token Expiration Concerns:
- Tokens expire after 1 minute, raising UX concerns about forced re-logins
- Solution:
getSessionToken()method automatically polls and refreshes tokens before expiration - Developers don’t need to manually manage token refresh
Technical Challenges:
- “Enable cookies” notices persisting despite token implementation
- React-specific compatibility requires App Bridge React v1.x (not v2.x latest)
- PHP/CodeIgniter developers seeking framework-specific guidance
- Host parameter configuration issues (must be retrieved dynamically from URL)
Key Clarification:
Session tokens should be included with every frontend request to identify users, even for non-Shopify API calls within embedded apps.
Status: Discussion remains active with developers troubleshooting framework-specific implementations and seeking additional code examples.
1 Like