Redirect to app-bridge-next bounce page if session token is invalid & Auth header doesn't exist
Respond with 401 if auth header exists and session token is invalid. If the app's front-end is using CDN version of app bridge next, it'll automatically be retried. otherwise, the 401 error will be exposed.
Tophatting-
📹 Redirecting to bounce page on initial app render (we are not parsing id_token from URL param yet, so session token will be invalid initially, this redirect shouldn't be hit as often once we are using id_token)
For testing - I created a temp global variable count that raises an "invalid session token" error on every other try.
📹 App configured with app bridge from CDN - The initial create failed from invalid session token, since X-Shopify-Retry-Invalid-Session-Request is set from the response, app bridge will retry create with new session token, thus passing the second time
What this PR does
Tophatting-
id_tokenfrom URL param yet, so session token will be invalid initially, this redirect shouldn't be hit as often once we are usingid_token)createfailed from invalid session token, sinceX-Shopify-Retry-Invalid-Session-Requestis set from the response, app bridge will retrycreatewith new session token, thus passing the second timecreatereturns 401 in every other request from my test setup..Checklist
Before submitting the PR, please consider if any of the following are needed:
CHANGELOG.mdif the changes would impact usersREADME.md, if appropriate./docs, if necessary