How to Extract Shop Access Token After Shopify OAuth Authorization

Other Questions Shopify
1

Getting Store Credentials Post-OAuth in Shopify App

I built a Shopify application using the remix framework. After a store owner approves the app permissions during installation, I need to capture the access token and store URL to save them in AWS Secrets Manager.

The rest of my application works fine. I just need to automatically update theme files, which requires the access token to work properly.

I found what seems like the right file for this:

import type { LoaderFunctionArgs } from "@remix-run/node";
import { authenticate } from "../shopify.server";

export const loader = async ({ request }: LoaderFunctionArgs) => {
  await authenticate.admin(request);

// Store Token > AWS Operations

  return null;
};

The issue is I cannot retrieve the shop identifier. I am not even sure if that is necessary, but converting the session token to an access token seems to require it.

I want to modify this function to grab both the access token and shop name, then send them to AWS during admin authentication.

My Prisma database schema includes the access token:

model Session {
  id            String    @id
  shop          String
  state         String
  isOnline      Boolean   @default(false)
  scope         String?
  expires       DateTime?
  accessToken   String
  userId        BigInt?
  firstName     String?
  lastName      String?
  email         String?
  accountOwner  Boolean   @default(false)
  locale        String?
  collaborator  Boolean?  @default(false)
  emailVerified Boolean?  @default(false)
}

So waiting for the authentication should populate the session data above. Then I should be able to access the token, right?

I tried this approach based on some tutorials, but it does not work:

import type { LoaderFunctionArgs } from "@remix-run/node";
import { authenticate } from "../shopify.server";
import { PrismaClient } from "@prisma/client";

const prisma = new PrismaClient();

export const loader = async ({ request }: LoaderFunctionArgs) => {

  const sessionData = await authenticate.admin(request);
  console.log("Session data:", sessionData);

  const shopName = sessionData.input_data.shop.domain;

  const storeToken = await fetchTokenForStore(shopName);

  console.log("Store token:", storeToken);
  return null;
};

async function fetchTokenForStore(shopName: string): Promise<string | null> {
  const sessionRecord = await prisma.session.findUnique({
    where: {
      shop: shopName,
    },
  });
  return sessionRecord ? sessionRecord.accessToken : null;
}

The shop variable I got from a tutorial about getting shop names from client-side checkout sessions. I doubt it works the same way for admin sessions. Any guidance would be helpful.

2

The authenticate.admin() method already returns the session data - no need to query Prisma separately since authentication gives you everything.

Here’s how to grab the session:

export const loader = async ({ request }: LoaderFunctionArgs) => {
  const { session } = await authenticate.admin(request);
  
  const accessToken = session.accessToken;
  const shopDomain = session.shop;
  
  console.log("Access Token:", accessToken);
  console.log("Shop Domain:", shopDomain);
  
  // Send to AWS Secrets Manager here
  
  return null;
};

The session object has all your Prisma schema properties like accessToken and shop. Skip the extra database queries and use what authenticate.admin() gives you for AWS.

3

Yeah, you’re struggling with session data extraction. The previous answer about destructuring is right, but here’s how I actually handle this in production.

When we rebuilt our Shopify integration, I automated the whole token management flow. Here’s what works:

export const loader = async ({ request }: LoaderFunctionArgs) => {
  const { session, admin } = await authenticate.admin(request);
  
  // This gives you everything you need
  const { accessToken, shop } = session;
  
  // Now automate the AWS storage
  await storeCredentialsInAWS(accessToken, shop);
  
  return null;
};

But here’s the interesting part. Instead of manually coding AWS integrations and error handling, I use Latenode to automate this workflow. You can set up a webhook that triggers when new shops install your app.

Latenode handles the AWS Secrets Manager integration automatically. No custom functions, no error handling headaches. Just pass the token and shop data to a Latenode scenario.

I’ve automated dozens of similar Shopify workflows this way. The platform connects directly to AWS services and handles retries, logging, and failure notifications.

Your current approach will work, but automation makes it bulletproof and saves hours of debugging.

Check it out: https://latenode.com

4

skip the prisma query entirely - authenticate.admin(request) already gives you the session data. just destructure it: const { session } = await authenticate.admin(request) and pull session.accessToken and session.shop directly. way cleaner than all those database calls.

5

You’re overcomplicating this. The authenticate.admin() function gives you both session and admin objects - the session has everything you need without extra database calls.

Here’s what I use:

export const loader = async ({ request }: LoaderFunctionArgs) => {
  const { session } = await authenticate.admin(request);
  
  // Direct access to token and shop
  const token = session.accessToken;
  const shopUrl = session.shop;
  
  await saveToAWS(token, shopUrl);
  
  return null;
};

The session object maps straight to your Prisma schema fields. Skip the fetchTokenForStore and manual database lookups. I’ve used this across multiple Shopify apps and it handles token extraction perfectly during OAuth callbacks.

Just make sure your AWS function handles async ops properly since this runs during installation.