Token Expiry Issue When Using Extension

[AminRafaey]

Hi @kinngh, I’m running into a specific issue with the extension part of the app and wanted to ask for your insight. I am using your repo as a starter template.

🐞 Problem

Everything works perfectly when users access the embedded app. However, when they try to use the extension directly (e.g., via the product or order page), they get an authentication error because the token seems to have expired.

Once the user opens the main app manually, the token gets refreshed and the extension starts working fine afterward.

❓Question

How can I proactively ensure the session/token is refreshed or valid before a user interacts with the extension?

Is there a recommended pattern you suggest for keeping the session alive or refreshing it in the background when the extension loads?

Thanks again for the great work and looking forward to your advice!

[kinngh]

Instead of using online tokens, use offline tokens for auth

Why are you not using the verifyCheckout middleware that was specifically introduced for interacting with UI Extensions? Docs here

[AminRafaey]

@kinngh But verifyCheckout is only assigning req.user_shop = shop — it doesn’t actually handle or validate the session itself. So I’m not sure how it’s supposed to help in preventing the 401 errors. I’ve already added it, but I’m still getting 401 responses intermittently.

[kinngh]

    const authHeader = req.headers["authorization"];
    if (!authHeader) {
      throw Error("No authorization header found.");
    }

    const payload = validateJWT(authHeader.split(" ")[1]);

There's clearly a check happening, also you need to respond to a OPTIONS call

 if (req.method === "OPTIONS") {
    res.status(200).end();
    return;
  }