Had a similar issue just now, I had to manually delete the Session row in my database to refresh the token so it can get the new scopes to the token. On my end, probably an issue with not setting up webhooks to update the token when there are app changes; app installation/deletion, scope changes, etc.
Topic summary
A developer encountered a persistent 401 Unauthorized error in their Shopify Remix app starting in April, despite the app functioning properly before. The error originated from app-bridge.js and persisted through multiple troubleshooting attempts including reinstallation, package updates, cache clearing, and codebase refactoring.
Resolution:
- The issue was solved by disabling the
unstable_newEmbeddedAuthStrategyflag (setting it tofalse) in the future flags configuration.
Additional Solutions from Community:
- Configuration errors: Check for typos in server secret keys
- Session/token issues: Manually delete Session rows in the database to refresh tokens, especially after scope changes
- Clock synchronization: Ensure system clock is synchronized with server time, as time discrepancies can cause token validation failures
The discussion remains open with multiple users sharing their specific fixes for similar authentication problems.