There are 2 types of tokens for authentication in shopify apps.
Online tokens
Offline tokens
In shopify, to make calls outside the admin dashboard, we would need the offline tokens, since online tokens or session tokens expire after a certain time. Offline tokens do not have expiration time, thus, we can use these for calling shopify apis in webhooks, or external scripts. We’ll need to be careful with the offline tokens as authenticated requests can be made using these and these do not expire.
In web.php, where we initialize authorization, add false for an offline mode & true for online mode (false in this case)
In web.php, in middleware('shopify.auth:offline'); add online/offline as per requirement. (offline in this case)
graphqlProxy in Utils does not give an option for offline tokens, thus we’ll have to implement the function or inherit & override the same.
So instead of
$response = Utils::graphqlProxy($request->header(), $request->cookie(), $request->getContent());
We’ll have,
session = Utils::loadCurrentSession($request->header(), $request->cookie(), false);
if (!$session) {
throw new SessionNotFoundException("Could not find session for GraphQL proxy");
}
$client = new Graphql($session->getShop(), $session->getAccessToken());
$response = $client->proxy($request->getContent());
shopify-api-php/oauth.md at main · Shopify/shopify-api-php