Hi,
We are currently building a public app extension. I am wondering if there is a way we can safely sign a customer in to our app when they open our app page in the storefront.
For instance, a customer signs in to the Shopify storefront, and then when they open our extension app page, our app will sign them in to our app without typing the email and password again.
Currently we can only detect whether a customer is logged in by checking whether {{customer.id}} is empty or not. If we just log the customer in to our app using the customer id, there will be a security hole.
Any suggestions?
It seems there is no chance to log in customers without email and password. I am wondering how you log in with only the customer id. If I am right, there's no such security hole. Your app extension can have JavaScript to detect the DOM object __st.cid rendered, instead of checking in Liquid (before rendering). That's my understanding.
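
A customer id that reaches the app from the browser, whether read from {{customer.id}} or from __st.cid, can be set by anyone, so the app should accept it only from a request it can authenticate. The following is an added example, not code from this thread: it assumes the app page is served through a Shopify app proxy, which signs the forwarded query string with the app's shared secret and includes `logged_in_customer_id`. The function names, secret, shop values and 60-second replay window are constructed for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode

MAX_AGE_SECONDS = 60  # assumption: replay window picked for this example


def expected_signature(params, secret):
    # App-proxy scheme: "key=value" pairs (multiple values joined with ","),
    # sorted, concatenated without a separator, then HMAC-SHA256 as hex.
    message = "".join(sorted(f"{k}={','.join(v)}" for k, v in params.items()))
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()


def verified_customer_id(query_string, secret, now=None):
    """Return logged_in_customer_id only when the query is authentic and fresh."""
    params = parse_qs(query_string, keep_blank_values=True)
    supplied = params.pop("signature", [""])[0]
    expected = expected_signature(params, secret)
    # Constant-time comparison; any edited or missing parameter fails here.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return None
    try:
        timestamp = int(params.get("timestamp", [""])[0])
    except ValueError:
        return None
    now = time.time() if now is None else now
    if abs(now - timestamp) > MAX_AGE_SECONDS:
        return None  # authentic but stale: treat as a replay
    # An empty value means no customer is signed in on the storefront.
    return params.get("logged_in_customer_id", [""])[0] or None


def build_signed_query(fields, secret):
    """Demo helper standing in for the proxy that signs the request."""
    params = {k: [v] for k, v in fields.items()}
    return urlencode({**fields, "signature": expected_signature(params, secret)})


# Constructed sample values, not taken from a real shop or app.
SECRET = "example-shared-secret"
FIELDS = {
    "shop": "example.myshopify.com",
    "path_prefix": "/apps/example",
    "timestamp": "1700000000",
    "logged_in_customer_id": "1001",
}
```

The app creates its own session only when `verified_customer_id` returns a value, and the shared secret stays on the server, never in Liquid or storefront JavaScript.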