
External Authentication and user experience

slingn

Hi,

I am building a Shopify store and would like to ensure that it is only available for use to users of my existing (external) system. I have read the docs and they seem to be pointing me in the direction of using Multipass, which seems like it could fit my needs, but I am not sure how to "require" that all users authenticate using my external system.

Is there a setting in Shopify which I need to configure in order to redirect all unauthenticated users to a specific page (in my case, an external website/URL's login page)?

Additionally, while I understand that by using Multipass I can allow users to log in to my external site/system, the process seems to suggest that upon successful authentication in my system I should redirect the user to my store /multipass/[token].

Is there anything preventing a malicious user from copy/pasting this multipass/[token] and sharing it with another user? I understand the docs say this specific token-based URL can only be used once, but couldn't the user simply log in to my system again to generate a new multipass/[token] URL and, for example, prevent their browser from making a request to the multipass/[token] URL and instead share the URL with a user who does not have a login?

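The /multipass/[token] flow raised in the post, as an added example that is not part of the original post and is not Shopify's own code: a token builder for the external system that sets the `remote_ip` field, which Shopify's Multipass documentation describes as tying a token to the customer's browser IP address, alongside the required `email` and `created_at`. The class and method names are hypothetical, the secret and addresses are constructed sample values, and `verify` is only a local round-trip check of the format.

```ruby
require 'openssl'
require 'json'
require 'time'

# Added example (hypothetical names): issues Multipass tokens bound to the client IP.
class MultipassIssuer
  def initialize(secret)
    # SHA-256 of the Multipass secret: first 16 bytes encrypt, last 16 bytes sign.
    digest = OpenSSL::Digest.new('sha256').digest(secret)
    @enc_key, @sig_key = digest[0, 16], digest[16, 16]
  end

  # email and remote_ip must come from the authenticated session, never from user input.
  def token_for(email:, remote_ip:, return_to: nil, now: Time.now)
    data = { email: email, created_at: now.getutc.iso8601, remote_ip: remote_ip }
    data[:return_to] = return_to if return_to
    cipher = OpenSSL::Cipher.new('aes-128-cbc').encrypt
    cipher.key = @enc_key
    iv = cipher.random_iv # fresh IV per token, prepended to the ciphertext
    body = iv + cipher.update(JSON.generate(data)) + cipher.final
    sig = OpenSSL::HMAC.digest('sha256', @sig_key, body)
    [body + sig].pack('m0').tr('+/', '-_') # URL-safe Base64
  end

  # Local round-trip check: verify the HMAC first, then decrypt. Returns nil on failure.
  def verify(token)
    raw = token.tr('-_', '+/').unpack1('m')
    return nil if raw.bytesize < 64 # IV + one AES block + 32-byte signature
    body, sig = raw[0...-32], raw[-32..]
    expected = OpenSSL::HMAC.digest('sha256', @sig_key, body)
    return nil unless OpenSSL.secure_compare(expected, sig)
    cipher = OpenSSL::Cipher.new('aes-128-cbc').decrypt
    cipher.key = @enc_key
    cipher.iv = body[0, 16]
    JSON.parse((cipher.update(body[16..]) + cipher.final).force_encoding('UTF-8'))
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; 203.0.113.7 is a documentation-range address.
  issuer = MultipassIssuer.new('constructed-multipass-secret')
  token = issuer.token_for(email: 'user@example.com', remote_ip: '203.0.113.7')
  puts "/account/login/multipass/#{token}"
  puts issuer.verify(token).inspect
end
```

Because the payload is encrypted and signed, the recipient of a forwarded URL cannot alter `remote_ip`; users behind the same NAT address still share an IP, so this narrows token sharing rather than eliminating it.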