State of shopify-app-express

I was wondering what the current state of the shopify-app-express package is, and if Shopify is still actively supporting it. I haven’t been able to find any statements about this.

I see it listed right next to shopify-app-remix in the shopify-app-js repository, however it doesn’t seem like it is up to date or even still being worked on in a meaningful way.

Specifically it seems to still be missing support for managed app installations, managed billing, and probably more features that I’m not currently aware of. It seems to me like Shopify is highly prioritizing Remix, and seems to be leaving everything else up to the dev community (which is totally fine btw, but would be nice to know)

Right now we are in the process of trying to move over to using managed installations, and the only viable way for us seems to be to ditch the reliance on shopify-app-express and write our own wrapper.

With that said, it’s pretty frustrating how hard it is to find good documentation surrounding this topic. Lots of Shopify’s own documentation is either out-of-date, non-existent or really hard to find.

Examples:

  1. Here it says that managed installations are recommended for embedded apps

  2. Alright then, let’s read about token exchange

  3. Under “Non-remix App” brings us to docs regarding shopify.auth.tokenExchange

  4. The first line links to session tokens, and access tokens (which is a dead link btw)

  5. Reading the session tokens page it says this:

For the most part, you shouldn’t have to manage the anatomical details of session tokens. In most scenarios, you’ll use a library, such as authenticated_fetch from app-bridge, which generates and includes the session token in your requests. On the backend, you can use middleware similar to validateAuthenticatedSession in @shopify/shopify-app-express.

Okay? But this is not at all talking about managed installations, rather the older “Authorization Code Grant Flow” that we are trying to move away from. Also in app-bridge v4 we no longer need to use authenticated_fetch as the authorization gets automatically injected into global fetch. Also it is directly referring to shopify-app-express which doesn’t support managed installations.

So now it’s not really clear what the right path is from just reading the docs. Rather we are just relying on assumptions that we ourselves have to make. Either from piecing together bits and pieces of what documentation there is, where it is not clear what is out-of-date and what isn’t, or from reading through the code on GitHub. We find that the docs a lot of times lead us down the wrong paths, because it’s a mixture of outdated/updated info.

I’m almost certain that we are not the first ones trying to migrate our express embedded apps to these new “managed” systems, are we missing something here?

1 Like

Hey @Magnus_Fischer 👋

Thanks for reaching out here. I definitely get where you’re coming from. I dug a bit into our documentation as well and I agree that it’s not the most clear in terms of process or clarity on support for the Express Library.

You are right though that Remix is currently one of our main development focuses when it comes to 3P app frameworks, but I’m more than happy to touch base with our development team internally for clarity on the current status of shopify-app-express for you and the recommended path for Express apps wanting to implement managed installations there. These are definitely valid questions, especially since the Express repo’s main components seem to have been last updated almost a year ago.

I can’t guarantee a specific turnaround time, but I’ll ping you in this thread as soon as I have more information.

Thanks again for raising this - speak with you as soon as I have more info

1 Like

@Alan_G Thank you, I appreciate it.

No worries! I was able to touch base with our devs on this for you pretty quickly here.

I was able to confirm with them that our Express library isn’t the top priority at the moment, but my understanding is that we aren’t fully deprecating it in the near term and one of our developers will be getting in touch with the product team directly to flag the documentation inconsistencies so that we can make some improvements for folks who are not using Remix-based app templates.

Another one of the developers who was helping me out suggested using the following doc when it comes to managing session token/managed installation config for non-Remix apps: Set up embedded app authorization

Taking a look there, I think this should help connect the dots between managed installation concepts and token exchange, but if I can assist further, just let me know and I’ll take a look with you.

I also just wanted to confirm I passed your feedback on the docs and the state of the Express library on directly to our developers so this is on their radar.

Let me know if you have any other questions and I hope this helps a bit!

1 Like

Thank you, this helped us out a lot!

Since we don’t use the ExitIframe component anymore with the new auth flow, is there a smart way to redirect the user out of the app?

Say we want to redirect the user to an app subscription confirmation page if during the auth flow, we detect that they don’t have an active/valid payment plan.

Never mind! Figured it out by looking through the remix-app package.

You just need the server to send an HTML response with the app-bridge script, and a script that navigates to your desired URL with window.open() in the header.

1 Like
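The response described in the post above, sketched as an added example (not part of the original thread and not code from the remix-app package). Because the redirect target ends up inside an inline script, it is checked against a host allowlist and escaped before it is written out. `buildExitIframeHtml`, `validateRedirect`, the allowlist, the `"_top"` target and all sample values are assumptions of this example.

```javascript
// Added example: hypothetical helper names, constructed sample values.
const APP_BRIDGE_URL = "https://cdn.shopify.com/shopifycloud/app-bridge.js";

// Assumption: this app only ever sends merchants to Shopify admin hosts.
const ALLOWED_HOST_PATTERNS = [
  /^admin\.shopify\.com$/,
  /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/,
];

// Escape a value placed inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;").replace(/"/g, "&quot;")
    .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// JSON.stringify alone does not stop "</script>" from closing the inline
// script, so angle brackets are emitted as \u003c / \u003e escapes.
function toScriptLiteral(value) {
  return JSON.stringify(value)
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e");
}

// Returns a parsed URL when the target is https and on an allowed host,
// otherwise null (blocks javascript: URLs and open redirects).
function validateRedirect(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return null; }
  if (url.protocol !== "https:") return null;
  if (url.username || url.password) return null;
  if (!ALLOWED_HOST_PATTERNS.some((re) => re.test(url.hostname))) return null;
  return url;
}

// Builds the HTML body the server sends; returns null for a rejected target
// so the caller can answer with an error instead of redirecting.
function buildExitIframeHtml(apiKey, rawUrl) {
  const url = validateRedirect(rawUrl);
  if (!url) return null;
  return [
    "<!DOCTYPE html>",
    "<html><head>",
    `<script data-api-key="${escapeAttr(apiKey)}" src="${APP_BRIDGE_URL}"></script>`,
    `<script>window.open(${toScriptLiteral(url.href)}, "_top")</script>`,
    "</head><body></body></html>",
  ].join("\n");
}
```

In an Express handler the returned string would be sent with a `text/html` content type, and a `null` result would become a 400 response.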

I’ve been maintaining a MERN boilerplate for a while now that’s updated, if you want to take a look / use as reference. It doesn’t use the Express wrapper but the @shopify/shopify-api package directly which powers all the wrappers:

2 Likes