From a2ea093760d1baea353a192130ff668066248cb5 Mon Sep 17 00:00:00 2001
From: Clara <2524209+ClaraLeigh@users.noreply.github.com>
Date: Thu, 18 Nov 2021 04:10:05 +1000
Subject: [PATCH] Bugfix incorrect api_key in SessionToken function (#1001)

Fixes an issue where the verifyValidity() function checks the api token against the global api_key instead of any shop specific token.
Also fixes an infinite loop error that was occurring for myself, possibly related to: https://github.com/osiset/laravel-shopify/issues/962
---
 src/Objects/Values/SessionToken.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Objects/Values/SessionToken.php b/src/Objects/Values/SessionToken.php
index dbc6b6d4..58775dfd 100644
--- a/src/Objects/Values/SessionToken.php
+++ b/src/Objects/Values/SessionToken.php
@@ -251,7 +251,7 @@ protected function verifySignature(): void
     protected function verifyValidity(): void
     {
         Assert::that($this->iss)->contains($this->dest, self::EXCEPTION_INVALID);
-        Assert::that($this->aud)->eq(Util::getShopifyConfig('api_key'), self::EXCEPTION_INVALID);
+        Assert::that($this->aud)->eq(Util::getShopifyConfig('api_key', $this->getShopDomain()), self::EXCEPTION_INVALID);
     }
 
     /**