Using customer access token to validate customers on the backend


Hello fellow community members!

My team of developers is currently struggling with the issue of validating customers on our own backend, as described here: Request: Proxy Apps Customer Auth

Long story short, we are using a React app on the front end backed by the Shopify Storefront API and our own backend running Express.js. We are using our backend to extend features provided by Shopify, such as displaying feedback forms, collecting feedback, and other customer-specific information. We are using the customer id to determine and display, as well as submit, customer-specific information. As a result, we need a way to verify that a given customer id matches the customer id of the person who is currently logged in on our React app. One suggested solution was proposed here: Securing customer pages with a Shopify app proxy. This solution doesn't work for us as we are not using Liquid.

Currently the proposed solution is to pass the customer access token, generated upon log-in and stored in local storage, from the React app to our backend, and on the backend verify the customer id using the Storefront API. Other than obvious rate limiting considerations, are there any drawbacks to this solution?

Thanks everyone in advance!
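As an added example that is not part of the original post, this is one way the approach described above can be implemented on the Express.js backend: the token is resolved through the Storefront API's `customer(customerAccessToken:)` query, and the backend only trusts the customer id that Shopify returns, never the one the client claims. The endpoint URL and API version, the `/customers/:customerId/...` route shape and the injectable `fetchFn` are assumptions made so the check can be exercised offline.

```javascript
// Added example, not the poster's code. Verifies that a Storefront customer
// access token presented by the React app belongs to the customer id the
// request claims to act for. The endpoint/API version, route shape and the
// injectable fetchFn are assumptions so this runs offline under test.
const CUSTOMER_QUERY = `query($token: String!) {
  customer(customerAccessToken: $token) { id }
}`;

// Resolve a customer access token to a customer GID, or null if Shopify does
// not recognise it (expired, revoked, or forged). fetchFn defaults to the
// global fetch available in Node 18+.
async function customerIdForToken(token, { endpoint, storefrontToken, fetchFn = globalThis.fetch }) {
  const res = await fetchFn(endpoint, {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "X-Shopify-Storefront-Access-Token": storefrontToken,
    },
    body: JSON.stringify({ query: CUSTOMER_QUERY, variables: { token } }),
  });
  const body = await res.json();
  return body?.data?.customer?.id ?? null;
}

// Core check: the id the client claims must equal the id Shopify derives from
// the token. A client-supplied customer id is never trusted on its own.
async function verifyCustomer(token, claimedId, cfg) {
  if (!token || !claimedId) return { ok: false, status: 401 };
  const actualId = await customerIdForToken(token, cfg);
  if (actualId === null) return { ok: false, status: 401 };    // token not recognised
  if (actualId !== claimedId) return { ok: false, status: 403 }; // token belongs to someone else
  return { ok: true, customerId: actualId };
}

// Express-style middleware for a hypothetical /customers/:customerId/... route.
// The token is read from the Authorization header rather than the URL so it
// does not end up in access logs.
function requireCustomer(cfg) {
  return async (req, res, next) => {
    const auth = req.get("Authorization") || "";
    const token = auth.startsWith("Bearer ") ? auth.slice("Bearer ".length) : "";
    const result = await verifyCustomer(token, req.params.customerId, cfg);
    if (!result.ok) return res.status(result.status).json({ error: "not authorised" });
    req.customerId = result.customerId; // downstream handlers use this, not req.params
    next();
  };
}
```

The token is a bearer credential (whoever holds it can act as that customer), so the backend should accept it only over HTTPS and in a header, never in a query string. A short server-side cache of token-to-id lookups, keyed by a hash of the token rather than the token itself, keeps Storefront API calls within rate limits.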