This repository has been archived by the owner on Apr 11, 2024. It is now read-only.
Extend cookie OAuth session to allow initial app loads #70
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
paulomarg
force-pushed
the
extend_oauth_cookie_session
branch
2 times, most recently
from
dfa39c5
to
0e75466
Compare
paulomarg
force-pushed
the
extend_oauth_cookie_session
branch
from
0e75466
to
3945288
Compare
1 task
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
WHY are these changes introduced?
While updating
shopify-app-nodeto use this library, I ran into an issue where OAuth worked normally, but since we destroyed the cookie session right away, we were unable to run the initial request to the app in a logged in state, so that the frontend can build its App Bridge and get a JWT.These changes extend the OAuth cookie session by 30 seconds instead of deleting it right away, which allows the app to load itself to cover the above scenario.
WHAT is this pull request doing?
Extending the cookie session, and changing
loadCurrentSessionto fall back to the cookie version if JWT isn't available yet. Since the cookie session is only extended for a short period of time and there is no support for 3rd party cookies baked into the library, any requests made without a JWT from an embedded app would fail outright due to the OAuth session cookie not being available to the server.Type of change