Session token does not contain sub claim

Hey,

Developing Customer Account UI Extension using official docs and I cannot get “sub” claim in session token. Before I receive standard “redeploy & reinstall it” response - done it multiple times already, did not make any difference.

I have specified “read_customers” scopes in app’s TOML file:

...
[access_scopes]
scopes = "read_customers"
...

I have specified below configuration in extension’s TOML file:

...
[extensions.capabilities]
api_access = true
network_access = true
...

And when executing below snippet:

...
import { useApi } from "@shopify/ui-extensions-react/customer-account";

const { sessionToken } = useApi();
sessionToken.get().then(token => console.log("Token:", token));
...

and decoding with jwt.io, it does not contain “sub” claim that should contain customer’s ID as described in docs here and here.

@TristanGlt it’s been some time and I got stuck with the same problem, a missing sub field. Have you found anything in the meantime?

I see the UI extension on the profile page in a deployed app on my development store (and in dev), but in both scenarios (with read/write_customers scope and network_access) I only get iss, dest, aud, exp, nbf, iat, jti.

I’m not sure how you’re supposed to build a customer account extension without knowing the customer…

Solution:

Your app needs to request Protected customer data access Level 1. Doing that, you will get the sub field. It’s not clearly documented but maybe it will help someone