FROM CACHE - en_header

app extension customer login

Darren21221
Visitor
1 0 0
‎10-21-2021 08:47 AM

Hi,


We are currently building an public app extension. I am wondering if there is a way we can safely sign a customer in our app when they open our app page in storefront.

For instance, customer sign in Shopify storefront, and then they open up our extension app page, our app will sign them in our app without type the email and password again.

Currently we can only detect whether a customer is login by checking {{customer.id}} is empty or not. If we just log customer in our app using the customer id, there will be a secure hole. 

any suggestion?

410 Views
0 Likes
Report
Reply 1 (1)
jackcylin
Shopify Partner
21 2 9
‎12-17-2021 06:28 AM

It seems no change to login customers without email and password. Wondering how you login with only customer id. If I am right, there's no such security hole. Your app extension can have a javascript to detect dom object __st.cid rendered, instead of checking in liquid (before rendering). That's my understanding.

167 Views
0 Likes
Report
Community Browser
Terms of Service Privacy Policy