app extension customer login

Darren21221
Visitor

Hi,


We are currently building a public app extension. I am wondering if there is a way we can safely sign a customer in to our app when they open our app page in the storefront.

For instance, a customer signs in to the Shopify storefront and then opens our extension app page, and our app signs them in without them typing the email and password again.

Currently we can only detect whether a customer is logged in by checking whether {{customer.id}} is empty or not. If we just log the customer in to our app using the customer ID, there will be a security hole.

Any suggestions?

jackcylin
Shopify Partner

It seems there is no chance to log in customers without email and password. I'm wondering how you log in with only the customer ID. If I am right, there's no such security hole. Your app extension can have JavaScript detect the DOM object __st.cid once rendered, instead of checking in Liquid (before rendering). That's my understanding.
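
The concern raised in the question, as an added example that is not part of the original thread: a customer ID read from Liquid or the DOM arrives at the app backend as client-supplied data, so the backend should only act on it when it comes with a server-side signature it can verify. The sketch assumes the request reaches the backend through a channel that signs the query string with a shared app secret (Shopify's app proxy is one such channel); the parameter names `signature`, `timestamp` and `logged_in_customer_id` and the canonical form are assumptions to check against the current documentation.

```javascript
// Added example: verify a signed query string before trusting a customer id.
const crypto = require('node:crypto');

// Canonical form assumed here: drop `signature`, build "key=value" pairs
// (multi-valued params joined with ","), sort them, concatenate with no separator.
function canonicalize(params) {
  return Object.keys(params)
    .filter((k) => k !== 'signature')
    .map((k) => `${k}=${[].concat(params[k]).join(',')}`)
    .sort()
    .join('');
}

// HMAC-SHA256 over the canonical string, hex encoded.
function sign(params, secret) {
  return crypto.createHmac('sha256', secret).update(canonicalize(params)).digest('hex');
}

// Returns the verified customer id, or null if the request must not be trusted.
function verifiedCustomerId(params, secret, nowSec, maxAgeSec = 60) {
  const given = Buffer.from(String(params.signature || ''), 'utf8');
  const expected = Buffer.from(sign(params, secret), 'utf8');
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  // Reject stale requests so a captured signed URL cannot be replayed later.
  const ts = Number(params.timestamp);
  if (!Number.isFinite(ts) || Math.abs(nowSec - ts) > maxAgeSec) return null;
  return params.logged_in_customer_id || null; // empty value: nobody is logged in
}

// Constructed sample data (secret, shop and ids are made up for this example).
const SECRET = 'constructed-test-secret';
const NOW = 1700000000;
const genuine = {
  shop: 'example.myshopify.com',
  path_prefix: '/apps/demo',
  timestamp: String(NOW),
  logged_in_customer_id: '1001',
};
genuine.signature = sign(genuine, SECRET);
// Same signature, different customer id: what a client editing the value produces.
const tampered = { ...genuine, logged_in_customer_id: '2002' };
// A bare id with no signature, as it would arrive from page JavaScript.
const unsigned = { logged_in_customer_id: '2002' };

console.log(verifiedCustomerId(genuine, SECRET, NOW));
console.log(verifiedCustomerId(tampered, SECRET, NOW));
console.log(verifiedCustomerId(unsigned, SECRET, NOW));
```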