Shopify app not authenticating using session tokens

We have just migrated our app to use the latest version of AppBridge (v4).

According to the migration guide:

The useAuthenticatedFetch() hook is deprecated as the latest version of App Bridge injects auth into the global fetch function.

When I asked Partner support about this issue they referred me to this guide: Set up session tokens

However this is ~3 years out of date, and seems to be for App Bridge v2. There are even references to multiple deprecated packages/functions on this page, like:

import { authenticatedFetch } from "@shopify/app-bridge/utilities"; → deprecated package

import createApp from "@shopify/app-bridge"; → deprecated in v4

So which one is it? You tell us in the migration guide that useAuthenticatedFetch is no longer needed, and when we contact support about this, you refer us to a completely out-of-date guide. This seems like a total jungle to navigate.

I have confirmed that all our calls going to the backend from our embedded app have all the necessary authorization headers:

and that it also refreshes the tokens once they expire:

How can we solve this without proper migration guides? Is there something we have to do on our end, or is there an error on Shopify’s side?

I’m more than happy to provide more code from our app, so we can get this issue resolved.

UPDATE:

I’ve found 2 instances of users reporting that this issue has solved itself after about a week:

There’s a dedicated v4 migration guide, and at the very bottom you’ll see a breakdown of documentation by components and hooks: Migrate your app to Shopify App Bridge React 4.x.x

In v4, Shopify modifies fetch itself to include authorization headers:

App Bridge injects automatic authorization into the global fetch function. While this is transparent and should not interfere with existing fetch code, this injection can be disabled using the disabledFeatures configuration option.

The title of this specific doc is Resource Fetching.

The title is definitely a bit vague, but I think that was on purpose because now fetch can also be used to query the Admin API directly, and you don’t need to proxy through your app any more.
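What the app's backend has to check on the `Authorization: Bearer` session token that the patched fetch attaches, as an added example that is not part of this thread or Shopify's own code. It assumes the documented session-token format (an HS256 JWT signed with the app's client secret, carrying `iss`, `dest`, `aud`, `sub`, `exp` and `nbf` claims); the credentials, shop name and helper names are constructed placeholders.

```javascript
// Added example: backend check for an App Bridge session token (HS256 JWT).
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const sign = (data, secret) => createHmac("sha256", secret).update(data).digest();

function verifySessionToken(token, { clientId, clientSecret, now = Date.now() / 1000 }) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;

  // Pin the algorithm: never let the token header choose it ("none", RS256, ...).
  const header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
  if (header.alg !== "HS256") throw new Error("unexpected alg");

  // Constant-time comparison of the HMAC over "header.payload".
  const expected = sign(`${head}.${body}`, clientSecret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected))
    throw new Error("bad signature");

  // Claims are only read after the signature has been verified.
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  if (!(claims.exp > now)) throw new Error("expired");
  if (!(claims.nbf <= now)) throw new Error("not yet valid");
  if (claims.aud !== clientId) throw new Error("wrong audience");
  // iss is the shop's admin URL and dest the shop URL; both must name the same shop.
  if (new URL(claims.iss).hostname !== new URL(claims.dest).hostname)
    throw new Error("iss/dest mismatch");
  return { shop: new URL(claims.dest).hostname, userId: claims.sub };
}

// Constructed sample token (placeholder credentials, not real values).
function makeSampleToken(secret, overrides = {}) {
  const now = Math.floor(Date.now() / 1000);
  const claims = {
    iss: "https://example-shop.myshopify.com/admin",
    dest: "https://example-shop.myshopify.com",
    aud: "EXAMPLE_CLIENT_ID", sub: "42",
    exp: now + 60, nbf: now - 5, iat: now - 5, ...overrides,
  };
  const data = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${data}.${b64url(sign(data, secret))}`;
}

const creds = { clientId: "EXAMPLE_CLIENT_ID", clientSecret: "EXAMPLE_SECRET" };
console.log(verifySessionToken(makeSampleToken(creds.clientSecret), creds));
```

A request whose token fails any of these checks should get a 401 so the frontend fetches a fresh token and retries.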

Hi Dylan

I’m not so sure based on your answer, that you have read my post fully? I have linked to this very same guide in my post. This answer does not help me.

Hi @Magnus_Fischer

Sorry my coffee’s a little late to kick in this morning. I missed your opening sentence about the new pre-authenticated fetch.

The reality is that Partner Support doesn’t build and support apps. The most up to date information will be provided by Shopify’s Dev team as documentation. It’s up to you as a Partner to read the changelog and documentation and implement the changes.

Shopify Partner Support will try their best to find answers, but they might not understand the minutiae between the AppBridge version guides.

I treat the documentation as the most up to date information on implementation and API details. Then Partner Support if I have issues with administration issues such as questions about specific payout charges, etc. - not low level details on building apps.


No worries! And I agree with your statements. However, how are we supposed to implement the right changes with outdated documentation?

The partner team has forwarded my issue to the development team, I will try to keep this post updated once I find out more from the team.

Hey Magnus,

If you’ve migrated to AB4 and you’re still seeing this notice when looking to submit for review, it could be an issue on our side. DMing you for app details now.


Updating here that Magnus’s app is now showing session tokens as being used. It appears the check wasn’t updated recently to record if session tokens were implemented correctly. For reference, to manually run this check, you can log into your app on a dev store to create a new session. Checks can take up to 48 hours however.
