getSessionToken does not resolve when app is misconfigured

[tobymurray]

Describe the bug

app_bridge_utils.getSessionToken(app) does not resolve

To Reproduce

I'm not sure what the difference is (application install date, perhaps?), but for some stores this code does not work

   <script src="https://unpkg.com/@shopify/app-bridge@3"></script>
   <script src="https://unpkg.com/@shopify/app-bridge-utils@3"></script>

   <script>
      var host = "{{ host }}";
      var AppBridge = window['app-bridge'];
      var app_bridge_utils = window['app-bridge-utils'];
      var app = AppBridge.createApp({
         apiKey: "{{ api_key }}",
         host: host
      });
      promise = app_bridge_utils.getSessionToken(app)

promise never resolves.

Expected behaviour

Whether successful or not, the promise should resolve with either a token or an error.

Contextual information

Packages and versions

app-bridge 3.7.4 (also tried with 3.5.1, same outcome) app-bridge-utils 3.5.1

Platform

• App: Firefox

Additional context

This is vanilla JavaScript inline that hasn't changed since July (been pinned to major version 3). I see on NPM that app_bridge_utils has been deprecated, but it's not obvious what the equivalent to the new code is as there's no information there?

[charlesdobson]

Hi @tobymurray 👋🏼

Can you try importing getSessionToken directly from app-bridge and let me know if you're seeing anything different?

You can get it from @shopify/app-bridge/utilities.

We expose all of @shopify/app-bridge-utils through the main @shopify/app-bridge library now.

[tobymurray]

tl;dr: the behavior that exposes this bug is a configuration error, the promise should still resolve as an error

I believe I've found the root cause of why this has changed for installations of my application - it looks like the general issue is around the new URLs. Manually configuring this with a base64 encoded host that looks like toby-test-store2.myshopify.com/admin elicits the above issue. Swapping it to a base64 encoded host that looks like admin.shopify.com/store/toby-test-store2 "works".

I see the documentation here that says:

The host of the specific shop that's embedding your app. This value is provided by Shopify as a URL query parameter that's appended to your application URL when your app is loaded inside the Shopify admin.

So it looks like historically I was using the shop parameter with /admin tacked onto it and that has broken as shop and the admin path are no longer the same.

[henrytao-me]

As you mentioned, it's not recommended to manually construct the host param. There is no way for us to directly catch the error if the client sends incorrect host, therefore we cannot return error. However, if you inspect the browser, you should see invalid origin message from the browser.

I will close this issue for now but feel free to reopen if necessary.

[andriusvo]

@tobymurray How you handled this issue? Because it seems the same for me. Want to develop locally and specified specific host - not working :(

[tobymurray]

@andriusvo I ran into this because I was using a base64 encoded host parameter that looked like toby-test-store2.myshopify.com/admin. The actual host that Shopify needed was a base64 encoded parameter that looked like admin.shopify.com/store/toby-test-store2. Instead of constructing the host myself, I used the value Shopify provides.

Specifically, instead of taking the shop parameter Shopify gives us for /install endpoint and building the host from that, I took the host parameter directly.

[andriusvo]

It could be related with my issue https://github.com/Shopify/shopify-app-bridge/issues/192 That I'm developing locally and none of specified hosts is working at the moment.. Why I'm saying that is related is that getSessionToken not returning anything