Session is not updated when logging out and logging in again and the requests to backend stop working #90
Comments
Hey @ilugobayo, I think you're getting that error because when you call your This was a bug in our example app, which was recently fixed (in
Could you please try that out to see if it fixes your problem? If it doesn't we can investigate whether it's a bug in our package. Hope this helps!
Hello again @paulomarg I tried what you suggested without success, I added the headers option in my endpoints
Also, my ngrok log shows 200 for every request. I even checked if that header was present where I make the request to the Shopify Admin, which is something like this:
but since the accessToken is invalid, I get no response, therefore, no header, tried this as well with Postman, same result. Last night I made a more structured comment after my debugging, maybe that can give you more details about my issue, here. Do you think that the session token not actually being expired is affecting? I mean, its expire date is still in the future, therefore, it technically isn't expired yet and maybe the verifyRequest() function considers it a valid session.
Hey @ilugobayo, I think you're absolutely right - the session isn't expired for us in this scenario, even though the access token is no longer valid, so we're not triggering the re-auth. We'll fix this, great catch!
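The condition confirmed in the comment above (a session whose expiry date is still in the future while its access token has already been invalidated) can be caught by checking the token itself before treating the session as valid. The middleware below is an added example, not code from koa-shopify-auth or from its fix; `requireLiveSession`, `loadSession`, `probeToken` and the `/auth?shop=` URL are assumptions, and the context object is a constructed stand-in for Koa's.

```javascript
// Added example: requireLiveSession, loadSession and probeToken are hypothetical names.
const REAUTH = 'X-Shopify-API-Request-Failure-Reauthorize';
const REAUTH_URL = 'X-Shopify-API-Request-Failure-Reauthorize-Url';

// loadSession(ctx)    -> { shop, accessToken, expires } or undefined
// probeToken(session) -> true if the Admin API still accepts the access token
function requireLiveSession({ loadSession, probeToken, now = () => Date.now() }) {
  return async function middleware(ctx, next) {
    const session = await loadSession(ctx);
    let reason = null;
    if (!session || !session.accessToken) {
      reason = 'no-session';
    } else if (session.expires && new Date(session.expires).getTime() <= now()) {
      reason = 'session-expired';
    } else if (!(await probeToken(session))) {
      // The case from this issue: expiry still in the future, token already invalid.
      reason = 'token-rejected';
    }
    if (reason === null) {
      ctx.state.session = session;
      return next();
    }
    // Fail closed and tell the client to re-authorize, using the headers it checks.
    ctx.status = 401;
    ctx.set(REAUTH, '1');
    // Assumption: the app starts OAuth at /auth?shop=<domain>.
    const shop = session && session.shop;
    ctx.set(REAUTH_URL, shop ? `/auth?shop=${encodeURIComponent(shop)}` : '/auth');
    ctx.body = { error: reason };
  };
}

// Constructed stand-in for a Koa context, so the example runs offline.
function fakeCtx() {
  const headers = {};
  return { state: {}, status: 200, body: null, headers, set: (k, v) => { headers[k] = v; } };
}

// Constructed scenario: session not yet expired, access token already revoked.
async function demo() {
  const session = { shop: 'example.myshopify.com', accessToken: 'revoked', expires: '2099-01-01T00:00:00Z' };
  const probeToken = async (s) => s.accessToken !== 'revoked';
  const mw = requireLiveSession({ loadSession: async () => session, probeToken });
  const ctx = fakeCtx();
  let reachedHandler = false;
  await mw(ctx, async () => { reachedHandler = true; });
  return { status: ctx.status, headers: ctx.headers, reachedHandler };
}

demo().then((result) => console.log(result));
```

In a real app `probeToken` would make one cheap authenticated Admin API call and treat a 401 as rejection; caching a positive result for a short time avoids one probe per request.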
Thank you @paulomarg! I'll be waiting for the update!
@paulomarg any update on this issue? Do you have a timeline?
Hi guys, any updates on when this fix will be merged?
Is the workflow and basic app skeleton presented here way off the beaten path for "normal" "modern" Shopify apps? What's the current recommended way of doing things? I'm running into exactly these problems and confused how any app is working using the current examples. Is everyone just using offline session when they "shouldn't" be? Or is this Koa stuff just a weird side shoot and isn't really given much love by Shopify and we should find something else?
I think my comment here is relevant to this? #64 (comment)
My current workaround that appears to be working is modifying the modified The problem though is this is pretty bad ux for my customer. My app is usually interacted with by arriving via an admin link. If the token is invalid for whatever reason (user logged out then back in again) my app appears to be broken on the first use. My customer clicks on Orders, finds the order they want, clicks More Actions, clicks Generate Load Slip, gets to my app. My app's frontend graphql request gets a 401, redirects to /auth and then dumps the user at my app's /index page and my app has no idea what admin link was originally clicked or for what Order. The app bridge redirect doesn't allow query parameters and I don't even know if the auth flow would preserve them. And on the backend, the koa-shopify-auth takes over the /auth endpoint so I can't really control what's sent back to the redirect unless I override that. What is the solution to redirecting after authenticating? Am I missing something really obvious here? Thanks!

```js
import { authenticatedFetch } from '@shopify/app-bridge-utils';
import { Redirect } from '@shopify/app-bridge/actions';

// Wraps authenticatedFetch so that a re-authorize header or a 401 sends the user to the auth route.
const userLoggedInFetch = (app) => {
  const fetchFunction = authenticatedFetch(app);
  return async (uri, options) => {
    const response = await fetchFunction(uri, options);
    if (
      response.headers.get('X-Shopify-API-Request-Failure-Reauthorize') === '1'
      || response.status === 401 // <-------------- catches the 401s
    ) {
      // Use the URL supplied by the backend if present, otherwise fall back to /auth.
      const authUrlHeader = response.headers.get(
        'X-Shopify-API-Request-Failure-Reauthorize-Url',
      );
      const redirect = Redirect.create(app);
      redirect.dispatch(Redirect.Action.APP, authUrlHeader || `/auth`);
      return null;
    }
    return response;
  };
};

export { userLoggedInFetch };
```
@nolandg the last diagnosis is it, the app department pushes for no cookie implementation for new apps, while it's a new release for node stack and there's basically one maintainer on this middleware. I've been here for months, unable to ship the app because of this SPOF.
Hi all, I've deployed #94 with version 4.1.3, please upgrade and try the fix! Let us know if you still run into any issues.
Issue summary
The session isn't updated after logging out and logging in again to the admin dashboard and the app pages load but don't show anything since the data required isn't retrieved because the requests to the backend fail.
Expected behavior
After logging out and logging in to the admin dashboard and opening the app from the apps menu, the session should be updated and the app should load after retrieving the data and display any of the pages as follows:
Actual behavior
The app loads but the page shows a custom error banner which means that the retrieval of the data from the backend failed, one of the banners is as follows:
Directly going to one of the other pages that are not `index.js` ('/') sends me to the auth process again, adds a new temporary session to the database and updates the actual session (in this case I also update the `accessToken` because I'm currently testing with online mode).

I'm not really sure if I'm missing something in my code, I've been reading a lot of documentation and seeing several examples trying to figure out how to have the new authentication completely implemented since it's the last thing the app review team told me to fix.

At this point I already have the `CustomSessionStorage` implementation and the custom API routes to my server with `authenticatedFetch`. I've read that you should check several things in the server which has me confused:

- `ACTIVE_SHOPIFY_SHOPS` object in the code, but since I already have a function to insert/update a row in my database whenever the app is installed/uninstalled or paid, I'm not really sure if I should keep using (and therefore, persist) that object.
- `verifyRequest()`, so I'm not sure if the function already handles this and manually decoding and verifying the token is an extra step at this point. Currently, I'm using the decoded token only to get the shop domain to retrieve the required data and send it to the frontend.

My code is currently as follows:
server.js
sessionHandler.js
_app.js
index.js