Why am I getting a 401 Unauthorized error on Shopify's App Bridge?

Topic summary

A developer encountered a persistent 401 Unauthorized error in their Shopify Remix app starting in April, despite the app functioning properly before. The error originated from app-bridge.js and persisted through multiple troubleshooting attempts including reinstallation, package updates, cache clearing, and codebase refactoring.

Resolution:

  • The issue was solved by disabling the unstable_newEmbeddedAuthStrategy flag (setting it to false) in the future flags configuration.

Additional Solutions from Community:

  • Configuration errors: Check for typos in server secret keys
  • Session/token issues: Manually delete Session rows in the database to refresh tokens, especially after scope changes
  • Clock synchronization: Ensure system clock is synchronized with server time, as time discrepancies can cause token validation failures

The discussion remains open with multiple users sharing their specific fixes for similar authentication problems.

Summarized with AI on October 26. AI used: claude-sonnet-4-5-20250929.

I’m having a 401 unauthorization error on our shopify-remix app.

Before April, the application we were working on was working properly, no errors or anything. No unauthorizations. Now this April, this 401 error has haunted us for 2 days now. I don’t know why but the initiator of the error came from app-bridge.js. At first I thought it will just be solved by reinstallation, npm run config:link and use, reauthentication of the account, clearing cache and builds but to no avail, the 401 error just keeps on popping back.

Following this, I tried to remove any app bridge packages including app bridge types, still doesn’t work, so what I tried is to use the app-bridge-react only, still not working. I’ve updated all the packages to their newest stable versions, refactored codebase to reflect changes on the shopify-remix-template. Still the same error.

Lastly, what I’ve tried is just clone the repo and push it to another app on another organization and yes, it is now working. It is not throwing any 401 errors, just 403 (the one we were working require some permissions directly by shopify to be approved). I wonder what happened, why did I get 401 unauthorization on the current app we are working? Can someone help me please.

@leindfraust Did you ever solve this?

Yes, disabling unstable_newEmbeddedAuthStrategy: false, on future flag solved this.


Sometimes cross-check stuff like the secret key; in our case there was a typo in the server. I thought it would be great to leave a note.

Had a similar issue just now, I had to manually delete the Session row in my database to refresh the token so it can get the new scopes to the token. On my end, probably an issue with not setting up webhooks to update the token when there are app changes; app installation/deletion, scope changes, etc.

Hi, I had exactly the same issue and in my case the solution was to synchronize my Windows clock (after ensuring that time and time zone are set automatically). It appears that my Shopify server tried to validate a Shopify Session Token, but the clock of my computer was ahead of the Shopify server’s clock. Maybe this hint is helpful for some of you in future.
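
Two of the fixes in this thread (a typo in the server secret, and a clock that runs ahead) fail at different steps of session token validation. The following added example is not code from any of the posts or from Shopify's libraries; it assumes the session token is an HS256-signed JWT carrying `nbf` and `exp` claims, and the names `signToken` and `diagnoseToken`, the secret and the timestamps are constructed for illustration.

```javascript
const crypto = require("node:crypto");

const b64url = (value) => Buffer.from(value).toString("base64url");

// Build a constructed HS256 token so the example runs offline.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Returns the reason a token would be rejected (a 401), or "ok".
// nowSec is the verifying server's clock; leewaySec is the tolerated skew.
function diagnoseToken(token, secret, nowSec, leewaySec = 5) {
  const parts = token.split(".");
  if (parts.length !== 3) return "malformed";
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return "malformed";
  }
  if (header.alg !== "HS256") return "unexpected-alg"; // pin the algorithm
  const expected = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  // Constant-time compare; a length mismatch is also a bad signature.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return "bad-signature"; // e.g. a typo in the server-side secret
  }
  // Verifier clock behind the issuer: token looks like it is from the future.
  if (typeof claims.nbf === "number" && nowSec + leewaySec < claims.nbf) return "not-yet-valid";
  // Verifier clock ahead of the issuer: a short-lived token looks expired.
  if (typeof claims.exp !== "number" || nowSec - leewaySec >= claims.exp) return "expired";
  return "ok";
}

// Constructed sample: issued at t=1700000000, valid for 60 seconds.
const SECRET = "constructed-secret";
const ISSUED = 1700000000;
const TOKEN = signToken({ nbf: ISSUED, exp: ISSUED + 60 }, SECRET);

console.log(diagnoseToken(TOKEN, SECRET, ISSUED + 10));               // ok
console.log(diagnoseToken(TOKEN, "constructed-secert", ISSUED + 10)); // bad-signature
console.log(diagnoseToken(TOKEN, SECRET, ISSUED + 300));              // expired
```

Logging the rejection reason on the server, rather than only returning 401, separates a secret mismatch from clock drift without guessing.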