Hello, I have a problem with Lite plan. I am developing my online store on another platform (gatsby js + apollo), but using shopify checkout and Storefront API. I want to use the customers feauture in checkout however I am unable to login customer through the API.
I am using checkoutCustomerAssociateV2 mutation, however the customer is still not logged in when in checkout, only the email address is associated. So my question is how can I log in customer properly from the API so he can use his addresses in checkout.
If it is not possible I have no problem that the customer have to click Log In in checkout to log himself in, however what it does now is to go myshopify.com/account/login and displays liquid theme from non existent online store. How can I access this login template without an online store? If I can't (which I would consider as a big bug from your side) can I use reverse proxy to checkout page without getting a ban and then be able to use my custom login page on that url (I could have than sent request to your login page behind the scenes to get proper cookie and redirect user back to the checkout page).
Thank you. I hope you have some resolutions for me.
Could you please elaborate how you have come to the conclusion that "REST Admin API" is the answer. There is no way for you to authenticate the customer via Admin API.
You can, however, create a custom checkout experience that way but that would come with some noticeable limitations.
Keep in mind that if you associate customer to Checkout, all the customer related discounts will apply in the Checkout.
Some things in Shopify Checkout seem to rely on Shopify Storefront cookies so that probably also applies to customer session to identify customer as logged in.
I went over to test it and came across the documentation here addressing this issue.
If you complete a checkout for a logged-in customer, then the customer is prompted to log in again. You currently cannot use theX-Shopify-Customer-Access-Token header to preserve authentication when the customer is associated to the checkout.
Looks like we currently don't have a straightforward option to achieve this.
My biggest problem was that i could not modify login page from checkout, because there are no templates in shopify lite program. However I have found out that I can modify the login template liquid file through REST.
Then I have added to the login template JS a code to accept some query parameters and if they are present the login form is automatically submitted. This is then requested on my gatsby site alongside the mutation within hidden iframe.
Don't forget that any login requests to Shopify Storefront will trigger a CAPTCHA after couple unsuccessful attempts and the user will be locked out of logging in for 24 hours.
It used to be possible to request Shopify that CAPTCHA is disabled on your store, however, as you are using Lite, you are not supposed to have Storefront in the first place. :)
I have used a similar strategy before, just not with Shopify Lite (didn't know it would actually work).
EDIT: You could technically delay posting authentication to Shopify Storefront until it's been successfully authenticated via Storefront API.
First, thanks for sharing this approach!
I have a question about this as I attempt to implement it (it seems like the only way) - loading a store template via iframe has this in the response headers:
content-security-policy: ...frame-ancestors 'none';...
Which produces the error:
Refused to display 'https://****' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".
Did you run into this &/or have a way around it? (I'm sort of wondering if lite mode is a sneaky way around this issue). I would really rather use the token but it appears we have no choice.. Shopify in Headless mode feels a bit unfinished in places..