Security using Social login Apps




I'm currently a developer for a new shop on Shopify, and I'm developing a native mobile application and a web application (using a paid theme) for my client.


One of the requirements we had was that this shop had social logins. Since this is a basic requirement for almost all the shops (everyone uses social logins), I thought that Shopify would have this feature available for the paid plans. From my understanding, this is only available for the Plus Tier, making this unavailable for like 95% of the Shopify clients.


I have 2 questions related to this.

1. Is there any way to develop a social login using Shopify APIs that don't require us to pay thousands of euros per month? If not, why not? Shouldn't this be something that Shopify should provide us with?


2. I see that there are lots of apps that handle social login for the Shopify themes. This is not a solution for us, since we need the same solution both on our theme website and our native mobile app. But from my understanding, the way they handle the social login (get user information from the social provider, generate a random password, create a customer with the provided email and the generated password, and then calculate this generated password with the provided information) is a big security breach. More than a security breach, how would this work with stuff like "reset password" or "recover my account"? As soon as you change the password in the Shopify database, you wouldn't be able to log in using our social login again. Am I wrong to assume this?


I would like to know what your thoughts are about this.


Kind regards,

André Bastos
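
The flow described in point 2, as an added example that is not part of the original post and not any app's actual code: the password is recomputed from provider data on every login, so a storefront password reset breaks the social login. The HMAC-SHA256 derivation, `APP_SECRET`, and the in-memory `CustomerStore` are assumptions standing in for the app and the shop's customer database.

```python
import hashlib
import hmac

APP_SECRET = b"constructed-app-secret"  # assumption: one secret held by the login app


def derive_password(provider: str, provider_user_id: str, email: str) -> str:
    """Recompute a customer's password from social-provider data (assumed scheme)."""
    msg = f"{provider}:{provider_user_id}:{email.lower()}".encode()
    return hmac.new(APP_SECRET, msg, hashlib.sha256).hexdigest()


class CustomerStore:
    """In-memory stand-in for the shop's customer database (hypothetical)."""

    def __init__(self) -> None:
        self._hashes = {}

    def exists(self, email: str) -> bool:
        return email.lower() in self._hashes

    def set_password(self, email: str, password: str) -> None:
        # Plain SHA-256 only keeps the sketch short; it is not a storage recommendation.
        self._hashes[email.lower()] = hashlib.sha256(password.encode()).hexdigest()

    def check_password(self, email: str, password: str) -> bool:
        stored = self._hashes.get(email.lower())
        candidate = hashlib.sha256(password.encode()).hexdigest()
        return stored is not None and hmac.compare_digest(stored, candidate)


def social_login(store: CustomerStore, provider: str, uid: str, email: str) -> bool:
    """First login creates the customer; later logins recompute the same password."""
    password = derive_password(provider, uid, email)
    if not store.exists(email):
        store.set_password(email, password)
    return store.check_password(email, password)


def demo():
    store = CustomerStore()
    user = ("google", "1234567890", "jane@example.com")  # constructed sample identity
    first = social_login(store, *user)
    # The customer uses "reset password" on the storefront and picks their own.
    store.set_password(user[2], "chosen-by-customer")
    after_reset = social_login(store, *user)
    # The account's real credential is a pure function of APP_SECRET and provider
    # data, so the secret is effectively a master key for every social customer.
    recomputable = derive_password(*user) == derive_password(*user)
    return first, after_reset, recomputable
```

`demo()` returns `(True, False, True)`: the first social login succeeds, the login after a password reset fails, and the derived password is reproducible by whoever holds the app secret.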