You can use the Proxy to populate the Liquid phase of your rendering needs, and then use a Javascript callback with the customer info to further refine the page rendering. That is one pattern that works in this case.

I require the customer Id so I can store information related to the user on my side and conversely render content related to that user in a template back to the client. Using {{ customer.id }} will not help as this is only displayed to the client.

I this case, a gift registry, the user can add a product to what is essentially a cart (but is in fact a wishlist). As there is no facility to store custom lists in shopify I store these lists remotely accessing them via an app proxy. The app proxy accepts posted information (user Id...) and I can successfully add items to the lists. The issue being when I want to render the user's list back I must know again who this user is. I must then create a link http://example.myshopify.com/apps/registry/view/{customer.id}, which is far from perfect. not only because I must include the user Id but because the vendor can alter the url to the app proxy making it difficult to provide the correct url in any liquid templates returned.

I don't know how I could use an Id to authenticate a user but I can trust the response from shopify because I can test the signature provided in the request against my secret. 

It seems the only way of getting the currently logged in user is via get which I do not like. It makes it harder for a shop vendor to integrate an app as they must fiddle with their templates also exposing the user Ids.

I built an App like yours and had no trouble making a customer specific wishlist that included a comments section that only allowed invited customer friends to participate. In other words, each customer's Wishlist was unique to them, included their friends, and the shop merchant had access too. Additionally, this App created collections just for the customer. Liquid and Javascript together were suitable and I had no URL mangling issues like you. It can be done.

Well, uh, in my gift registry app which is about to be released, we solved this problem by using an OAuth authentication scheme with user sessions, based off a shared secret and the customer's email.

@hunkybill, mind sharing how you did that? Did you just create a custom collection and append products to it?

@Adam, are you saying that you found the same short comings as me and had to implement some custom solution to get around the issue? (pretty sure I've spoken to you before about this similar app).

We may have spoken, I can't recall. That being said; yes, pretty much. The app proxy wasn't designed to let you authenticate users, only shops, so you need to do it yourself.

Adam

Indeed. I leverage built-in Shopify features as much as possible, in this case collections.

I wasn't that bothered about authenticating, it's a wishlist after all, I guess you could add dildos to somebodies list or something but that's about the worst you could do with it, maybe I'm just lacking imagination. Anyway, I digress, the easiest way would be to accept the Id in the request and do a check to see if that user existed in the shop. I wasn't aware you could do any kind of hashing within shopify as you suggest combining the customer's email and the shared secret. 

In my case accepting the id in the get is just going to have to do. 

@hunkybill, do you think I'm over engineering this sucker. To be honest I'm only doing a favour for a friend, it's consuming a lot more time than I had expected. I had written a full liquid app using customer collections but I junked it fearing it would scale poorly.

Do you just build an Id for a wishlist out of the customer Id ala 'wishlist-{{customer.id}}' and that is your collection, push objects onto that and then render the wishlist based on that collection?

Pretty much yes. And that little ditty indeed consumed a lot more time, effort and resources than I imagined.

lol, maybe I'll throw this away and have another stab. It's taken forever to just figure out how it all works. The docs seem wired towards ruby and that is it, nothing describes very well the workings under the hood. I had to reverse engineer a lot just to get it to work at all. 

Ruby has nothing to do with it. What, you think using C# or Java would help you out? 

Spam.spam.spam.spam.spam.id

The beauty of API based computing is you can use any scripting language you want. I think people are lucky the docs favour Ruby. At least the correct constructs to use read well from that code (in english anyway). Try teaching someone to understand anything with Objective-C, PHP, Java or C# and you have a real mess on your hands as that code reads like junkie on a bender hallucinating bad poetry in the middle of a Swans concert. 

I was talking more about how the examples and documentation tell you how to use the rails app builder but do not tell you how things actually work. A lot of it has to be worked out for yourself. I have had no need to use the api yet, that would be the easy part. Just authenticating an app install took a while, the endpoints for authentication are not listed anywhere other than on this forum or various other places. The rails app does all the work for the ruby dev so you have to dig these values out for your self if you want to use a different architecture.

oAuth is well documented. It's a mess no matter what language you choose to learn it with. It's not like Shopify is the only source of frustration for this. Same frustrations apply to all platforms.

True enough.

I love wishlists!