Skip to content

Add expiring offline token support #2027

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lizkenyon merged 11 commits into from
Dec 11, 2025
Merged

Add expiring offline token support #2027

lizkenyon merged 11 commits into from
Dec 11, 2025

Conversation

@zzooeeyy
Copy link
Contributor

@zzooeeyy zzooeeyy commented Nov 18, 2025
edited
Loading

What this PR does

Depends on new shopify-api-ruby version with this change:

Reviewer's guide to testing

Adds support for expiring offline access tokens with automatic token refresh for apps using ShopSessionStorage.

📖 See Migration Guide for setup instructions.

Key Changes

  • ShopSessionStorage automatically refreshes expired tokens in with_shopify_session (Overwritten from SessionStorage concern) (default behaviour)
    • Added refresh_token_if_expired! public method for manual token refresh
  • ShopSessionStorage now automatically store session attributes (access_scopes, expires_at, refresh_token, refresh_token_expires_at)
  • UserSessionStorage now automatically store session attributes (access_scopes, expires_at)
  • Deprecated ShopSessionStorageWithScopes and UserSessionStorageWithScopes (to be removed in v23.0.0)
  • Shop model generator prompts for migration to add expires_at, refresh_token, and refresh_token_expires_at columns
  • Documentation includes migration guide with background job example for migrating existing shops using ShopifyAPI::Auth::TokenExchange.migrate_to_expiring_token

Checklist

Before submitting the PR, please consider if any of the following are needed:

  • Update CHANGELOG.md if the changes would impact users
  • Update README.md, if appropriate.
  • Update any relevant pages in /docs, if necessary
  • For security fixes, the Disclosure Policy must be followed.

@zzooeeyy zzooeeyy force-pushed the zl/add_expiring_offline_token_support branch from 17f77bc to 80a2054 Compare November 18, 2025 18:18
@zzooeeyy zzooeeyy mentioned this pull request Nov 18, 2025
Merged
@zzooeeyy zzooeeyy changed the title Zl/add expiring offline token support Add expiring offline token support Nov 19, 2025
@zzooeeyy zzooeeyy mentioned this pull request Nov 19, 2025
Merged
@zzooeeyy zzooeeyy changed the title Add expiring offline token support [Can't merge yet] Add expiring offline token support Nov 19, 2025
@zzooeeyy zzooeeyy marked this pull request as ready for review November 24, 2025 21:46
@zzooeeyy zzooeeyy requested a review from a team as a code owner November 24, 2025 21:46
lizkenyon
lizkenyon approved these changes Nov 27, 2025
View reviewed changes
@zzooeeyy zzooeeyy changed the title [Can't merge yet] Add expiring offline token support Add expiring offline token support Dec 5, 2025
lizkenyon
lizkenyon reviewed Dec 5, 2025
View reviewed changes
@lizkenyon lizkenyon merged commit b7df56e into main Dec 11, 2025
7 checks passed
@lizkenyon lizkenyon deleted the zl/add_expiring_offline_token_support branch December 11, 2025 20:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lizkenyon lizkenyon lizkenyon approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zzooeeyy @lizkenyon