You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm running into an annoying behavior while using getSessionToken on the client-side React (embedded) app and verifying its validity with Shopify.Utils.loadCurrentSession on the server-side (this is essentially what this does under the hood as it fails if the JWT is invalid) with online tokens enabled. I'm using a project setup that I've pretty much borrowed from the Shopfy node template with React & Express.
It just so happens that I'm running the React app on one machine (my host Windows machine) and the Express server on a WSL Ubuntu VM. These two machines are sometimes out of sync in terms of time by a few seconds. So every now and then the FE machine is a few seconds behind. Then, when making a request, executing getSessionToken in React, it fetches the existing token that it considers valid (I believe there is client-side checking for whether a token needs to be renewed). The request goes to the server and when the server calls Shopify.Utils.loadCurrentSession, I get an Error that the JWT is invalid (I believe this is also based on machine time, since the server-side machine is ahead by 10-ish seconds).
This is a rather annoying situation, since I cannot seem to find a way to request a new session token on the client-side through the exposed AppBridge features and I do not feel it's right forging a GenerateSessionToken GraphQL mutation myself as it seems like a shaky implementation provided something on the Shopify side changes without me adjusting the client app.
This is a tricky situation to run in production, since I cannot be sure what my customers' machine times will be and I could not find a workaround myself.
Please, let me know if I am doing anything wrong.
Thanks for your help.
To Reproduce
Steps to reproduce the behaviour:
Using the shopify app node template, run the FE on one machine and the BE on another.
Manually force the machines out of time sync with the BE being ahead enough time to give you a "faulty" request.
Fire a request with a JWT that is OK from the client-side point of view and expired on the server-side point-of-view.
Expected behaviour
I'm happy handling the Error from Shopify.Utils.loadCurrentSession and refreshing the session token on in the React app on a certain
reponse from the server. I just could not seem to find a way to "force" a generation of a new token through the app-bridge library capabilities.
Packages and versions
@shopify/app-bridge @ 3.2.1
@shopify/app-bridge-react @ 3.2.1
@shopify/shopify-api @ 3.1.3
Platform
Should be irrelevant to the problem. My specific scenario is described above.
Regards,
Delyan
The text was updated successfully, but these errors were encountered:
Hey there,
I'm running into an annoying behavior while using
getSessionToken
on the client-side React (embedded) app and verifying its validity withShopify.Utils.loadCurrentSession
on the server-side (this is essentially what this does under the hood as it fails if the JWT is invalid) with online tokens enabled. I'm using a project setup that I've pretty much borrowed from the Shopfy node template with React & Express.It just so happens that I'm running the React app on one machine (my host Windows machine) and the Express server on a WSL Ubuntu VM. These two machines are sometimes out of sync in terms of time by a few seconds. So every now and then the FE machine is a few seconds behind. Then, when making a request, executing
getSessionToken
in React, it fetches the existing token that it considers valid (I believe there is client-side checking for whether a token needs to be renewed). The request goes to the server and when the server callsShopify.Utils.loadCurrentSession
, I get anError
that the JWT is invalid (I believe this is also based on machine time, since the server-side machine is ahead by 10-ish seconds).This is a rather annoying situation, since I cannot seem to find a way to request a new session token on the client-side through the exposed AppBridge features and I do not feel it's right forging a
GenerateSessionToken
GraphQL mutation myself as it seems like a shaky implementation provided something on the Shopify side changes without me adjusting the client app.This is a tricky situation to run in production, since I cannot be sure what my customers' machine times will be and I could not find a workaround myself.
Please, let me know if I am doing anything wrong.
Thanks for your help.
To Reproduce
Steps to reproduce the behaviour:
Expected behaviour
I'm happy handling the Error from
Shopify.Utils.loadCurrentSession
and refreshing the session token on in the React app on a certainreponse from the server. I just could not seem to find a way to "force" a generation of a new token through the app-bridge library capabilities.
Packages and versions
@shopify/app-bridge
@3.2.1
@shopify/app-bridge-react
@3.2.1
@shopify/shopify-api
@3.1.3
Platform
Should be irrelevant to the problem. My specific scenario is described above.
Regards,
Delyan
The text was updated successfully, but these errors were encountered: