How do we load the session to make requests to GraphQL/REST?

[ivorpad]

I'm trying to load the session via Shopify.Utils.loadCurrentSession(req, res, true) but after reading the code I noticed it first checks if the request is valid with validateCallback which then checks for the presence of a cookie called shopify_app_session.

When I make a request to the server via the front-end the cookie is not sent because cookies are not allowed in Shopify Apps, thus cookies are empty and fails to load the session object. Of course, if I set a shopify_app_session cookie when the app is first loaded it works as expected, but it will be rejected due to the usage of cookies.

How do we solve this?

What I'm doing right now is returning the session object from the validateCallback callback and then store this somehow e.g. accessToken and session ID in DB and shopOrigin in the client (sessionStorage, etc) for easy access. Is that the correct approach?

[ivorpad]

It's cool that I'm able to get the offlineToken, but I still have issues to call loadCurrentSession because it tries to find a shopify_app_session cookie and afaik cookies are not allowed in embedded apps.

[ivorpad]

Oh! So we just need to pass the JWT. This is neat.

https://github.com/Shopify/shopify-node-api/blob/766317d6419d0f8b1600e917f63de21f91f65106/src/auth/oauth/oauth.ts#L233-L244