Session Token Issue

[syx-pravin]

After following the installation document and completing the setup, I noticed the following issue.

App works as expected in Chrome browser, but embedding app doesn't work in incognito mode.

In addition, I have two questions regarding the implementation of session tokens:

1. Does the session token need to be used even if the backend does not call the Shopify API?
2. What is the best way to determine whether we are meeting the requirement? I saw some apps got rejected because The app shows an error when the 3rd party cookies are blocked.

[Kyon147]

Hi @syx-pravin

JWT is cookieless, and is the way for you to authenticate the user loading your app in Shopify is who they say they are.

So even if you don't use the Shopify API for additional functionality, it is a security requirement for all apps to use JWT.

Using JWT means you won't get the "3rd party cookies blocked message" as your app no longer uses cookies.

I've used this package multiple times incognito on all of my apps when testing, so it sounds like you have a set up issue maybe.