We're building a Shopify app that allows stores to list their products on our own platform, but we need to authenticate them on our end first so we can connect their Shopify store with their user account on our service. What is the best way to show our own login form after someone opens our Shopify app for the first time? And is there a way to retrieve the shop url and access token after the app has already been loaded so we can store them on our end?
We think we have this figured out but are not sure if we're taking the right approach. We’ve changed the oauth params so it provides us with a permanent access token and are storing it in a session cookie with the httpOnly flag set to false in the browser. Keep in mind, we’re developing an embedded app and have to load a login to our own platform to link accounts.