FROM CACHE - en_header
Promotion image
Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

app extension customer login

app extension customer login

Darren21221
Visitor
1 0 0
‎10-21-2021 08:47 AM

Hi,


We are currently building an public app extension. I am wondering if there is a way we can safely sign a customer in our app when they open our app page in storefront.

For instance, customer sign in Shopify storefront, and then they open up our extension app page, our app will sign them in our app without type the email and password again.

Currently we can only detect whether a customer is login by checking {{customer.id}} is empty or not. If we just log customer in our app using the customer id, there will be a secure hole. 

any suggestion?

698 Views
0 Likes
Report
Reply 1 (1)

jackcylin
Shopify Partner
21 2 9
‎12-17-2021 06:28 AM

It seems no change to login customers without email and password. Wondering how you login with only customer id. If I am right, there's no such security hole. Your app extension can have a javascript to detect dom object __st.cid rendered, instead of checking in liquid (before rendering). That's my understanding.

455 Views
0 Likes
Report
Terms of Service Privacy Policy