Redirect to app-bridge-next bounce page if session token is invalid & Auth header doesn't exist
Respond with 401 if auth header exists and session token is invalid. If the app's front-end is using the CDN version of app bridge next, it'll automatically be retried. Otherwise, the 401 error will be exposed.
Tophatting-
📹 Redirecting to bounce page on initial app render (we are not parsing id_token from URL param yet, so session token will be invalid initially; this redirect shouldn't be hit as often once we are using id_token)
For testing - I created a temp global variable count that raises an "invalid session token" error on every other try.
📹 App configured with app bridge from CDN - The initial create failed from invalid session token. Since X-Shopify-Retry-Invalid-Session-Request is set from the response, app bridge will retry create with new session token, thus passing the second time.
create returns 401 in every other request from my test setup.
Checklist
Before submitting the PR, please consider if any of the following are needed:
CHANGELOG.md if the changes would impact users
README.md, if appropriate.
/docs, if necessary
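The two responses described in the PR text above, as an added Ruby sketch that is not the PR's or the project's own code: a request with no Authorization header is redirected to the bounce page, and one whose header carries an invalid session token gets a 401 with the retry header. Assumptions: `APP_SECRET`, `BOUNCE_PATH`, the helper names and the header value `"1"` are hypothetical, and token validation is reduced to an HS256 signature check plus `exp`.

```ruby
require "openssl"
require "json"

APP_SECRET   = "constructed-app-secret" # constructed sample value
BOUNCE_PATH  = "/bounce"                # hypothetical bounce page route
RETRY_HEADER = "X-Shopify-Retry-Invalid-Session-Request" # name from the PR text

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  (str.tr("-_", "+/") + "=" * (-str.length % 4)).unpack1("m0")
end

# Builds an HS256 JWT; used here only to construct sample tokens.
def sign_token(payload, secret = APP_SECRET)
  header = b64url(JSON.generate({ alg: "HS256", typ: "JWT" }))
  input  = [header, b64url(JSON.generate(payload))].join(".")
  [input, b64url(OpenSSL::HMAC.digest("SHA256", secret, input))].join(".")
end

# True only if the HMAC verifies (constant-time compare) and exp is in the future.
# The alg field of the token header is ignored: HS256 is always used.
def valid_session_token?(token, now:, secret: APP_SECRET)
  head, body, sig = token.to_s.split(".")
  return false unless head && body && sig
  expected = b64url(OpenSSL::HMAC.digest("SHA256", secret, "#{head}.#{body}"))
  return false unless OpenSSL.secure_compare(expected, sig)
  claims = JSON.parse(b64url_decode(body))
  claims.is_a?(Hash) && claims["exp"].is_a?(Integer) && claims["exp"] > now
rescue JSON::ParserError, ArgumentError
  false
end

# Returns [status, headers] for a Rack-style env hash.
def authorize(env, now: Time.now.to_i)
  auth  = env["HTTP_AUTHORIZATION"]
  token = auth.to_s[/\ABearer (\S+)\z/, 1]
  return [200, {}] if valid_session_token?(token, now: now)
  if auth.nil?
    # No Authorization header (document load): redirect to the bounce page.
    [302, { "Location" => BOUNCE_PATH }]
  else
    # Header present but token invalid (fetch/XHR): 401 plus the retry header.
    [401, { RETRY_HEADER => "1" }] # header value "1" is an assumption
  end
end
```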