diff --git a/lib/auth/oauth/oauth.ts b/lib/auth/oauth/oauth.ts
index 925c63bae..11e3e0a90 100644
--- a/lib/auth/oauth/oauth.ts
+++ b/lib/auth/oauth/oauth.ts
@@ -101,6 +101,8 @@ export function tokenExchange(config: ConfigInterface) {
 Accept: 'application/json',
 },
 };
+
+ log.info(`Token exchange params: , ${JSON.stringify(postParams)}`)
 const cleanShop = sanitizeShop(config)(shop, true)!;
 const HttpClient = httpClientClass(config);
diff --git a/lib/session/session-utils.ts b/lib/session/session-utils.ts
index e4f58a4a1..dc261d291 100644
--- a/lib/session/session-utils.ts
+++ b/lib/session/session-utils.ts
@@ -3,6 +3,7 @@ import {SESSION_COOKIE_NAME} from '../auth/oauth/types';
 import {
 abstractConvertRequest,
 Cookies,
+ NormalizedRequest,
 NormalizedResponse,
 } from '../../runtime/http';
 import {sanitizeShop} from '../utils/shop-validator';
@@ -39,20 +40,14 @@ export function getCurrentSessionId(config: ConfigInterface) {
 isOnline,
 });
- const authHeader = request.headers.Authorization;
- if (authHeader) {
- const matches = (
- typeof authHeader === 'string' ? authHeader : authHeader[0]
- ).match(/^Bearer (.+)$/);
- if (!matches) {
- log.error('Missing Bearer token in authorization header', {isOnline});
-
- throw new ShopifyErrors.MissingJwtTokenError(
- 'Missing Bearer token in authorization header',
- );
- }
+ const sessionTokenString = getSessionTokenString(
+ request,
+ config,
+ isOnline,
+ );
- const jwtPayload = await decodeSessionToken(config)(matches[1]);
+ if (sessionTokenString) {
+ const jwtPayload = await decodeSessionToken(config)(sessionTokenString);
 const shop = jwtPayload.dest.replace(/^https:\/\//, '');
 log.debug('Found valid JWT payload', {shop, isOnline});
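Review bot: The added `log.info` serializes the whole `postParams` object into the log at info level; for a token exchange request that object is expected to carry the client secret and the authorization code (its body is built above the hunk, so confirm), and credentials must not be written to logs, where they persist and are read by log tooling. Either drop the line or log only non-sensitive context, e.g. `log.debug('Sending token exchange request', {shop});` — `shop` is in scope on the `sanitizeShop` line just below. The template string also has a stray `, ` after the colon, and the statement lacks the semicolon the surrounding lines use. tokenExchange's body begins and continues outside the hunk.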
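Review bot: getCurrentSessionId now accepts a session token from the `id_token` query parameter when no Authorization header is present, and the hunk changes that contract without a comment or doc update. A token carried in the URL is routinely recorded by access logs, proxies and browser history, whereas the header form is not, so the function's documentation should state that the query form is a fallback, that the header takes precedence, and that a present-but-malformed header still throws MissingJwtTokenError even when `id_token` is set (which is how getSessionTokenString in this commit behaves). Suggested comment above the call: `// Prefer the Authorization header; fall back to the id_token query param (see getSessionTokenString).` getCurrentSessionId starts and ends outside the hunk.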
@@ -93,3 +88,33 @@ export function customAppSession(config: ConfigInterface) {
 });
 };
 }
+
+function getSessionTokenString(
+ request: NormalizedRequest,
+ config: ConfigInterface,
+ isOnline: boolean,
+) {
+ const log = logger(config);
+ const url = new URL(request.url);
+ const authHeader = request.headers.Authorization;
+ const authParam = url.searchParams.get('id_token')!;
+
+ if (authHeader) {
+ const matches = (
+ typeof authHeader === 'string' ? authHeader : authHeader[0]
+ ).match(/^Bearer (.+)$/);
+ if (!matches) {
+ log.error('Missing Bearer token in authorization header', {
+ isOnline,
+ });
+
+ throw new ShopifyErrors.MissingJwtTokenError(
+ 'Missing Bearer token in authorization header',
+ );
+ }
+
+ return matches[1];
+ } else {
+ return authParam;
+ }
+}
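Review bot: `const authParam = url.searchParams.get('id_token')!;` asserts a value that `URLSearchParams.get` does not guarantee — it returns `null` when the parameter is absent — and the caller already tests the result for absence, so the `!` only hides the real type. Drop it and make the return type explicit: `const authParam = url.searchParams.get('id_token');` and `): string | null {`; the `else` after `return matches[1];` can go as well. `new URL(request.url)` throws a TypeError if `request.url` is ever a path without an origin; I cannot tell from here whether NormalizedRequest guarantees an absolute URL, so that is worth a check or a comment. A TSDoc block on the function should say that the header wins over the query parameter and that a malformed header throws rather than falling back.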