darrynten
commented
1 month ago How does this X-Shopify-Retry-Invalid-Session-Request header work?
Other undocumented fun includes the shopify-reload query parameter and the X-Shopify-Bounce header.
Open prajaybasu opened 1 month ago
darrynten
commented
1 month ago How does this X-Shopify-Retry-Invalid-Session-Request header work?
Other undocumented fun includes the shopify-reload query parameter and the X-Shopify-Bounce header.
prajaybasu
commented
2 weeks ago @darrynten Sorry for the late response, based on what I can see, it simply asks App Bridge v4 to resend the fetch request with a new Session Token (invisible to the consumer, the promise just returns as normal once the internal retry succeeds). And yes, I've seen those other 2 undocumented features as well.
Describe the bug
For those of us that decided to implement App Bridge v4 and token exchange without Remix, the behavior of
X-Shopify-Retry-Invalid-Session-Requestin App Bridge does not seem to be included in the documentation anywhere.The older
X-Shopify-API-Request-Failure-Reauthorize-Urlis also not really documented either, however it was part of both the frontend and backend templates in multiple languages and not a part of the library.The same is not the case for
X-Shopify-Retry-Invalid-Session-Requestwhich has now become a part of the closed source App Bridge v4 library (along withX-Shopify-API-Request-Failure-Reauthorize-Url), which is why I believe it's quite important that the App Bridge library documents how it deals with 401s.I used the following documentation when implementing my frontend and backend:
https://shopify.dev/docs/api/app-bridge-library/apis/resource-fetching https://shopify.dev/docs/apps/build/authentication-authorization/set-embedded-app-authorization?extension=javascript https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/token-exchange