-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JWT::ExpiredSignature #424
Comments
I've been debugging a similar issue, what I do to get into the appropriate state is load the app, go to a secondary route, wait for over 24 hours and then right-click the app and select "Reload frame" which then triggers the error. This long wait is the only way I've been able to reliably reproduce our particular version of this expired signature bug, perhaps it will help you debug yours. |
Thanks for sharing! That's weird. Reloading the frame triggers a regular HTTP request so I wouldn't expect the JWT to be present anyway, right? Besides, it looks like each token expires after 1 minute, so why would it trigger an error only after 24 hours? We're seeing the error often with one particular merchant. I reached out to them to get more info on how they use the app, to get more clues. My guess, based on some timestamps, is they probably leave the app open for a while before doing any action. This causes the cached token to expire. Before triggering another Edit: Today we got a bunch of these errors, from multiple merchants... This is getting frustrating. |
There's a JWT present on the URL in the On that note, once the user has passed this 'session-token-bounce' phase I no longer have to wait a long time for the bug to manifest, it can trigger after just 2 minutes of waiting before right-click -> reload frame (provided session token bounce flow has happened). |
Describe the bug
Almost daily, we see a few
JWT::ExpiredSignature
errors in the backend. It appears AppBridge is failing to get a fresh token and submits the request with the expired token anyway.To Reproduce
We can't reproduce the error. It happens randomly when merchants are interacting with the app throughout the day.
Expected behaviour
AppBride would ensure the submitted JWT is always valid before submitting the request.
Contextual information
Packages and versions
@shopify/shopify_app
@22.4.0
AppBridge
from CDN@hotwired/turbo-rails
@2.0.6
Additional context
I think perhaps AppBridge should halt submissions that don't have a valid token, or throw a specific error that we could catch and try to submit again.
I don't know in which layer the issue is happening:
The text was updated successfully, but these errors were encountered: