search

Shopify / shopify-app-bridge

https://shopify.dev/docs/api/app-bridge
88 stars 9 forks source link

Increased reports of APP::ERROR::FAILED_AUTHENTICATION: Failed to retrieve a session token (possibly on non-Chrome browsers?) #74

Closed ascherkus closed 1 year ago

ascherkus commented 3 years ago

Describe the bug

Our session token code has been running reliably in production for months however starting on Aug 16, 2021 we started seeing reports across of the getSessionToken() call failing with APP::ERROR::FAILED_AUTHENTICATION: Failed to retrieve a session token.

This has been happening consistently since for the last few weeks. The error message doesn't give us much to go on nor an appropriate way to handle the error (e.g., is it due to connectivity? is it due to being logged out? is it safe to retry? if so, how many times before giving up? do we just re-use the old token add more slack when verifying the timestamps?)

To Reproduce

Sadly I don't have a consistent way to reproduce it other than having a widely deployed application that constantly is refreshing tokens while having some client-side Javascript error logging framework installed.

Expected behaviour

Ideally root cause the issue and revert back to the previous behaviour where we didn't see this issue pop up (again, we didn't see this for months).

Failing that, much more informative error messages and recommended best practices for handling this error.

Contextual information

Packages and versions

List the relevant packages you’re using, and their versions. For example: "@shopify/app-bridge": "^1.28.0", "@shopify/app-bridge-utils": "^1.28.0", "@shopify/polaris": "^6.2.1",

Platform

This is where there may be some clues ... we've only logged the error on Mac/iPhone/Safari-based browsers and all our Windows reports come from Firefox (i.e., we have 0 reports of it happening on any version of Chrome).

My initial inclination would be that a change was made that relies on some Chrome-specific behaviour because given the popularity of Chrome and Android among our users it's extremely suspicious to have zero reports of this error.

Hope that helps.

Additional context

We are a React based app.

alanthai commented 3 years ago

Could you possibly provide more detail about the frequency of error? Is it on first request or on re-request. Do retries work? We're not seeing session token generation on the backend. I'm having a hard time reproducing it, too.

taketsu commented 3 years ago

I have encountered this error with the following browsers.

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

ascherkus commented 3 years ago

Could you possibly provide more detail about the frequency of error? Is it on first request or on re-request. Do retries work? We're not seeing session token generation on the backend. I'm having a hard time reproducing it, too.

I did more debugging and the only reliable method of reproducing this issue was due to internet connectivity.

Using developer tools to disable internet connectivity I witness the following:

getSessionToken() will still succeed and return what I assume is a cached (and unexpired?) copy of the session token, however dev tools reports that https://monorail-edge.shopifysvc.com/v1/produce fails

Eventually getSessionToken() fails with APP::ERROR::FAILED_AUTHENTICATION when (I assume) it attempts to renew the token by requesting https://xxx.myshopify.com/admin/internal/web/graphql/core?operation=GenerateSessionToken

From that point on, getSessionToken() will keep returning APP::ERROR::FAILED_AUTHENTICATION as calls to GenerateSessionToken keep being made and failing.

When you enable internet connectivity, the next call to getSessionToken() succeeds as the GenerateSessionToken request now works as expected.

As to why we didn't see this in Chrome at first, that was a red herring due to our error logging framework logging the errors differently due to differences in browsers.

For the time being we're treating APP::ERROR::FAILED_AUTHENTICATION as the user being offline but it'd be nice if there were more specific error codes to help distinguish between connectivity vs. other reasons why authenticiation failed.

Given the above feel free to close the issue as this appears to be working as intended.

derrickrc commented 2 years ago

I have also seen this a very small handful of times in my client-side error logging. In my case it's for a POS embedded app so happening in Safari. Thanks for confirming it is internet connectivity related, in my case I try to programmatically reload the window in the event of the error.

kris-tremblay commented 1 year ago

Closing this as inactive. If you are still seeing this issue, please feel free to re-open.

Rafi993 commented 1 year ago

This issue is still there. If this issue is due to internet connectivity would it be possible to change the error message to better indicate the user is offline?