Shopify POS Embedded App auth flow missing id_token

[uurcank]

When I open my app from POS interface, it only provides a session token, not an id_token. As a result Shopify_app gem redirects to patch_shopify_id_token path but no id_token provided in the return URL

See shopify-reload param in the logs below

Started GET "/shopify?embedded=1&hmac=15128f374660af54c8987b1588655c73e3cca0c83a8548e4b897885c205b6669d4d0aa8&host=cnVnc3Bhc3RvcmUubXlzaG9waWZ5LmNvbS9hZG1pbg&locale=en&session=de50cf5e89110d2337770d69103ab290cc129b7e1cdcd8bbc01da326acc3a506&shop=test.myshopify.com&timestamp=1736117938" for 2607:fb91:1de9:895f:8c22:a7a1:7672:40b7 at 2025-01-05 22:59:00 +0000 rails-app-1 | [b5e5184d-441c-4e63-94af-7a28be7c499c] Processing by ShopifyController#show as HTML rails-app-1 | [b5e5184d-441c-4e63-94af-7a28be7c499c] Parameters: {"embedded"=>"1", "hmac"=>"15128f374660af54c8987b1588655c73e3cca0c83a8548e4b897885c205b6669d4d0aa8", "host"=>"cnVnc3Bhc3RvcmUubXlzaG9waWZ5LmNvbS9hZG1pbg", "locale"=>"en", "session"=>"de50cf5e89110d2337770d69103ab290cc129b7e1cdcd8bbc01da326acc3a506", "shop"=>"test.myshopify.com", "timestamp"=>"1736117938"} rails-app-1 | [b5e5184d-441c-4e63-94af-7a28be7c499c] Redirected to https://stocktake.pasilobus.com/shopify/patch_shopify_id_token?embedded=1&hmac=15128f374660afec8987b153c73e3cca0c83a8548e4b8975c205b6669d4d0aa8&host=cnVnc3Bhc3RvcmUubXlzaG9waWZ5LmNvbS9hZG1pbg&locale=en&session=de50cf5e89110d2337770d69103ab290cc129b7e1cdcd8bbc01da326acc3a506&shop=test.myshopify.com&shopify-reload=%2Fshopify%3Fembedded%3D1%26hmac%3D15128f3a60u474660afec8987b153c73e3cwdarrca0c83a85we48e4b8975c205b6669d4d0aa8%26host%3DcnVnc3Bhc3RvcmUubXlzaG9waWZ5LmNvbS9hZG1pbg%26locale%3Den%26session%3Dde50cf5e89110d2337770d69103ab290cc129b7e1cdcd8bbc01da326acc3a506%26shop%test.myshopify.com%26timestamp%3D1736117938&timestamp=1736117938 rails-app-1 | [b5e5184d-441c-4e63-94af-7a28be7c499c] Completed 302 Found in 14ms (ActiveRecord: 0.0ms (0 queries, 0 cached) | GC: 0.5ms) rails-app-1 | [2bab5b75-f3ad-48a5-8aae-d0cef8e2a8ae] Started GET "/shopify/patch_shopify_id_token?embedded=1&hmac=15128f374660af54c8987b1588655c73e3cca0c83a8548e4b897885c205b6669d4d0aa8&host=cnVnc3Bhc3RvcmUubXlzaG9waWZ5LmNvbS9hZG1pbg&locale=en&session=de50cf5e89110d2337770d69103ab290cc129b7e1cdcd8bbc01da326acc3a506&shop=test.myshopify.com&shopify-reload=%2Fshopify%3Fembedded%3D1%26hmac%3D15128f374a21w3660afec8987b153c7323e3cca0c83a2815484e4b8975c205b6669d4d0aa8%26host%3DcnVnc3Bhc3RvcmUubXlzaG9waWZ5LmNvbS9hZG1pbg%26locale%3Den%26session%3Dde50cf5e89110d2337770d69103ab290cc129b7e1cdcd8bbc01da326acc3a506%26shop%test.myshopify.com%26timestamp%3D1736117938&timestamp=1736117938" for 2607:fb91:1de9:895f:8c22:a7a1:7672:40b7 at 2025-01-05 22:59:01 +0000

upon visiting shopify-reload path, the gem returns this error

Is that the expected behavior here? It looks like to me that Shopify POS fails to provide id_token and the gem has no capability of regenerating one.

Perhaps we can call for an id token on this page and do a Javascript redirect?. It is currently empty

[uurcank]

rails-app-1 | [8ba2e86b-c632-40da-96a5-5ae52ef62195] [ ShopifyApp | INFO | Shop Not Found ] Performing Token Exchange for [test.myshopify.com] - (Offline) rails-app-1 | [8ba2e86b-c632-40da-96a5-5ae52ef62195] [ ShopifyApp | ERROR | Shop Not Found ] A 400 error (ShopifyAPI::Errors::HttpResponseError) occurred during the token exchange. Response: {"error"=>"invalid_identity_session", "error_description"=>"Token exchange cannot be performed due to an invalid subject token."}

[lizkenyon]

Hi there 👋

Could you provide a bit more context on how you are loading your app in the POS interface?
Are you referring to Embed your app in POS or POS UI extensions