Skip to content

Remove non-embedded React Router app configuration#3265

Open
byrichardpowell wants to merge 1 commit into
rpowell/fix-hmr-login-redirectfrom
remove-react-router-non-embedded-concept
Open

Remove non-embedded React Router app configuration#3265
byrichardpowell wants to merge 1 commit into
rpowell/fix-hmr-login-redirectfrom
remove-react-router-non-embedded-concept

Conversation

@byrichardpowell

@byrichardpowell byrichardpowell commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Context

This PR is stacked on #3216. That PR removes the last package-driven redirect to /auth/login for embedded Admin document requests with missing shop / host params by rendering the App Bridge recovery page instead.

With that behavior in place, the React Router package should no longer expose public API surfaces that imply apps can opt into a non-embedded mode. The previously available knobs <AppProvider embedded={false}>, shopifyApp({isEmbeddedApp: false}), and template embedded = false guidance are misleading and can lead to broken auth loops.

What changed

  • Removed the embedded prop from React Router AppProvider.
  • Made AppProvider require apiKey and always render App Bridge alongside Polaris web components.
  • Added a runtime guard that rejects shopifyApp({isEmbeddedApp: ...}) with a clear error.
  • Renamed the internal NonEmbeddedAdminContext type to MerchantCustomAdminContext to avoid implying general non-embedded app support.
  • Updated/generated React Router API docs.
  • Added a major changeset with migration steps, including the corresponding React Router template updates.

Migration notes

For app routes:

- <AppProvider embedded apiKey={apiKey}>
+ <AppProvider apiKey={apiKey}>
    <Outlet />
  </AppProvider>

For login/Polaris-only pages, remove AppProvider instead of using embedded={false}:

- <AppProvider embedded={false}>
-   <s-page>...</s-page>
- </AppProvider>
+ <s-page>...</s-page>

Remove isEmbeddedApp from React Router shopifyApp config:

const shopify = shopifyApp({
  // ...
- isEmbeddedApp: false,
});

For apps based on shopify-app-template-react-router, the dedicated /auth/login UI route can be removed. Move the shopify.login(request) call into the root route action and have the root login form post to itself instead of /auth/login:

- <Form method="post" action="/auth/login">
+ <Form method="post">

Validation

  • pnpm --filter @shopify/shopify-app-react-router lint
  • pnpm --filter @shopify/shopify-app-react-router exec jest --runInBand
  • pnpm --filter @shopify/shopify-app-react-router build
  • git diff --check

Note: local commands emit the existing Node engine warning for shopify-app-session-storage-mongodb because this machine is on Node v20.10.0 and that package requests >=20.19.0; the commands still pass.

@github-actions github-actions Bot added the devtools-gardener Post the issue or PR to Slack for the gardener label Jun 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

devtools-gardener Post the issue or PR to Slack for the gardener

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@byrichardpowell