Is it possible to use liquid to encrypt data that my app server can decrypt and validate?

Highlighted
New Member
1 0 0

I was wondering if it was possible to use liquid to encrypt data that my app server can decrypt and validate. What I'm trying to achieve is a way to securely transfer the current logged in customer's info to my app server while preventing unauthorized submissions.

 

Consider an SSO App that uses logged in Shopify customer information to generate SSO Token on my application server and show a Button to redirect to my Website. If I can use liquid to encrypt the user info somehow, then my app can decrypt and validate the input to ensure Shopify created the user info.

Is there a better way to do this?

 

Thanks

0 Likes
Highlighted
Shopify Expert
10006 116 1818

How secure does it need to be?

Perhaps you could store a metafield on the customer object that contains a unique token to form as the starting place. Metafield may not be the best place to store super secret things though. I’ve seen other methods of people using the sha256 string filters (and similar) to make a hash out of the customer ID+email+something. That’s could be a good baseline starting place for you too.

★ Winning Partner of the Build a Business competition. ★ http://freakdesign.com.au
0 Likes
Highlighted
Shopify Expert
4265 32 434

Liquid is not used to encrypt or decrypt data, nor is it used to transfer data to other domains. You are exclusively in the domain of JS scripting and working with your App server. Since all communications between the client and your server are HTTPS, you have TLS. So nothing going over the wire is open anyway. If you wanted to be able to claim you're even more clever, you could use your app to generate a salt and use that client-side to further encrypt using JS to run the algorithms. With that, you could decrypt the payload in your App.

 

JS is your buddy here. Use it wisely, and where you actually need it. Save yourself the trouble by not overthinking things!

Custom Shopify Apps built just for you! hunkybill@gmail.com http://www.resistorsoftware.com
0 Likes
Highlighted
Tourist
3 0 0

Hello,

You can integrate javascript on the storefront through which you can send information on your server after encrypting it . Encryption can be done either through any private key or you can also hash the information before sending it over to your external server.

We have our Single Sign On(SSO) App on shopify through which you can sign-in to your shopify store(Non plus and Plus) via IDP of your choice with support for multiple protocols like SAML, OAuth, etc. Please click here to check out our app

With modifications in our app we can help you to send data after encrypting over external server in a secure way and than you can decrypt data at your end by private key. 

Thanks,

Manish 

0 Likes