External Authentication and user experience

1 0 0



I am building a shopify store and would like to ensure that it is only available for use to users of my existing (external system). I have read the docs and it seems to be pointing me in the direction of using Multipass which seems like it could fit my needs but I am not sure how to "require" that all users authenticate using my external system.


Is there a setting in shopify which I need to configure in order to redirect all unauthenticated users to a specific page (in my case, an external website/url's login page). 


Additionally, while I understand that by using Multipass I can allow users to login to my external site/system, the process seems to suggest that upon successful authentication in my system I should redirect the user to my store /multipass/[token].


Is there anything preventing a malicious user from copy/pasting this multipass/[token] and sharing it with another user? I understand the docs say this specific token based URL can only be used once, but couldn't the user simply log in to my system again to generate a new multipass/[token] url and, for example, prevent their browser from making a request to the multipass/[token] url, instead they share the url with a user who does not have a login?

Replies 0 (0)