Include app_version_id in oauth jwt for draft integration apps


UI apps, in UI apps it is possible to retrieve the app_version_id to use in the request to the auth url. This value is required so that the auth server knows which app version to issue the token for (and its appropriate scopes). If the value is not supplied, then the current live version is assumed. Providing the app_version_id is required for testing with draft versions of the app.

However, in integration land, we receive a get request to our authorization URL specified in the integration feature. This includes a JWT. However! this JWT does not include the app_version_id… therefore we are unable to know what version the request is coming from, and the OAuth process fails for collaborators using draft versions.

If the app_version_id was included in the JWT sent with the request (for draft versions) to our authorization URL, we could use that in the redirect sent to the user to redirect them to the auth URL ( for the collaborator on the app to be able to get a token.

The Crux:

The app_version_id is limited to collaborators on an app, but since only collaborators can utilize draft versions - by only sending it in requests from draft versions it avoids issues. Please include the app_version_id in the JWT when sent by a “draft” version of an app.

I’ve created a workaround where I can set it for an app in our development environment, but it is still painful because its one more thing to change for Draft/Live

Hello there @codyfrisch,

I have shared this with the team :grin:

Thank you for sending it!


1 Like