window.sessionToken is null

[apurbajnu]

I am using React as a front-end engine. After upgrading 17.1 to 17.3.2, this issue appeared.

Auth::user()->token is also null.

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

• Package Version: 17.3.2
• Laravel Version: 8.75
• PHP Version: 8.1
• Using a toolset (Docker, Laradock, Vagrant, etc.):

[tinhphantrong0612]

Auth::user()->token is null because you might forget to attach session token to request send from your app to your server, and your window.sessionToken is null, mean for some reasons you don't get session token and store it in window object.
Before version 17.3.0, it flows as:

1. You enter the app.
2. You request to home page of the app.
3. You hit verify.shopify middleware, it checks there is probably no token, so you are redirected to authenticate.token route.
4. In authenticate.token route, you have a view. And it loads app bridge and app bridge utils from shopify cdn. It create app with createApp() then call getSessionToken() to retrieve session token, and you will be redirect to home route with that session token.
5. Now you hit the home route again, and verify.shopify again. Now you have session token, it will allow you to pass.
6. You enter the home page with your session token, you could store it anywhere, and request it again in one minute with getSessionToken.

Now with version 17.3.2, you have SHOP_FRONTEND_ENGINE=REACT it will be like this:

1. You enter the app.
2. You request to app homepage.
3. You hit verify.shopify but now it will allow you to pass.
4. Now you enter the homepage, but you have no session token.
5. Now you have to call createApp(), then getSessionToken() to retrieve session token, store it somewhere then append it as Authorization header in all request from your app.

So yea, get session token from front-end, store it somewhere, attach to your request as Authorization header, or put it on query params is probably work some how.

[Kyon147]

@apurbajnu

If you are using FRONTEND_ENGINE in the ENV and set it to react then it will not use the token.blade file which is used for the blade templates to get the JWT token. When using REACT you need to implement your own AppBridge using something like https://www.npmjs.com/package/@shopify/app-bridge-react

This is an intentional feature, as SPAs don't need this file or the same authentication that blade does so it is "turned off" which is why window.sessionToken is now null for you.