Update package.json dependencies to local paths and add refresh token fields to Session model

fwaadahmad1 · fwaadahmad1 · commit 7a42eec864e3 · 2025-12-11T15:09:53.000-05:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # @shopify/shopify-app-template-react-router
 
+## 2025.12.11
+
+- [#151](https://github.com/Shopify/shopify-app-template-react-router/pull/151) Update `@shopify/shopify-app-react-router` to v1.1.0 and `@shopify/shopify-app-session-storage-prisma` to v8.0.0, add refresh token fields (`refreshToken` and `refreshTokenExpires`) to Session model in Prisma schema, and adopt the `expiringOfflineAccessTokens` flag for enhanced security through token rotation. See [expiring vs non-expiring offline tokens](https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/offline-access-tokens#expiring-vs-non-expiring-offline-tokens) for more information.
+
 ## 2025.10.10
 
 - [#95](https://github.com/Shopify/shopify-app-template-react-router/pull/95) Swap the product link for [admin intents](https://shopify.dev/docs/apps/build/admin/admin-intents).
diff --git a/app/shopify.server.ts b/app/shopify.server.ts
@@ -16,6 +16,9 @@ const shopify = shopifyApp({
   authPathPrefix: "/auth",
   sessionStorage: new PrismaSessionStorage(prisma),
   distribution: AppDistribution.AppStore,
+  future: {
+    expiringOfflineAccessTokens: true,
+  },
   ...(process.env.SHOP_CUSTOM_DOMAIN
     ? { customShopDomains: [process.env.SHOP_CUSTOM_DOMAIN] }
     : {}),
diff --git a/package.json b/package.json
@@ -30,8 +30,8 @@
     "@react-router/node": "^7.9.3",
     "@react-router/serve": "^7.9.3",
     "@shopify/app-bridge-react": "^4.2.4",
-    "@shopify/shopify-app-react-router": "^1.0.0",
-    "@shopify/shopify-app-session-storage-prisma": "^7.0.0",
+    "@shopify/shopify-app-react-router": "^1.1.0",
+    "@shopify/shopify-app-session-storage-prisma": "^8.0.0",
     "isbot": "^5.1.31",
     "prisma": "^6.16.3",
     "react": "^18.3.1",
diff --git a/prisma/migrations/20240530213853_create_session_table/migration.sql b/prisma/migrations/20240530213853_create_session_table/migration.sql
@@ -14,5 +14,7 @@ CREATE TABLE "Session" (
     "accountOwner" BOOLEAN NOT NULL DEFAULT false,
     "locale" TEXT,
     "collaborator" BOOLEAN DEFAULT false,
-    "emailVerified" BOOLEAN DEFAULT false
+    "emailVerified" BOOLEAN DEFAULT false,
+    "refreshToken" TEXT,
+    "refreshTokenExpires" DATETIME
 );
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
@@ -29,4 +29,6 @@ model Session {
   locale        String?
   collaborator  Boolean?  @default(false)
   emailVerified Boolean?  @default(false)
+  refreshToken        String?
+  refreshTokenExpires DateTime?
 }

Original file line number	Diff line number	Diff line change
`@@ -29,4 +29,6 @@ model Session {`
`29`	`29`	`locale String?`
`30`	`30`	`collaborator Boolean? @default(false)`
`31`	`31`	`emailVerified Boolean? @default(false)`
	`32`	`+ refreshToken String?`
	`33`	`+ refreshTokenExpires DateTime?`
`32`	`34`	`}`