Hi, community members.
Today I would like to raise a question that remains unanswered. The question is:
How can we identify customers in our embeded Proxy App?
Now Shopify have not common solution for this problem though community has ask this question many times. Here is just a couple post on this forum I found and dated, when it was posted:
With every proxied request Shopify passes along to your application, it adds a shop query parameter to help your application identify the store the request is coming from.
In addition to this, Shopify could pass along the ID of any customer that’s currently logged in to the storefront, either along with the shop parameter in the query string or as a custom HTTP header (perhaps X-Shopify-Customer-Id).
Doing this would greatly simplify the authentication progress for all customer pages where it’s required that a customer is logged in to their account. Pages that require authentication without a customer login (such as order tracking pages) would still need to use a URL-based method, but it would be possible to
reduce the risk of information leakage by doing something like still requiring a customer account login after a certain amount of time has passed.
And I agree with him. I decided to contact the developers and this is what they said:
They are aware of this being requested, and will look into implementing this in the future. If we see enough demand over existing development projects, and if we see more requests come in for the same solution from other developers this will increase the priority of the feature being implemented.
I urge all application developers who develop Shopify applications to support me and store owners who want to protect their users' data in the Proxy App from being stolen. I am always open for discussion and will be glad to talk about this with other developers and members of the Shopify community.