I have an application that lets users register and log in using the Storefront API. When a user logs in, the storefront is asked for a Customer Access Token:

    mutation customerAccessTokenCreate($input: CustomerAccessTokenCreateInput!) {
      customerAccessTokenCreate(input: $input) {
        customerAccessToken {
          accessToken
          expiresAt
        }
      }
    }

It returns what appears to be a valid JWT, but when this JWT is passed into a query for the user's data, it returns a null user:

    query {
      customer(customerAccessToken: "access-token-goes-here") {
        id
        firstName
        lastName
        acceptsMarketing
        email
        phone
      }
    }

returns:

    {
      "data": {
        "customer": null
      }
    }

What's odd is that if I use the customerAccessTokenCreate mutation directly through the Shopify GraphiQL editor, the JWT it returns is different and actually works to query for their data:

    {
      "data": {
        "customer": {
          "id": "gid://shopify/Customer/xyz",
          "firstName": null,
          "lastName": null,
          "acceptsMarketing": false,
          "email": "whatever@whatever.com",
          "phone": null
        }
      }
    }

Why might my application be returning JWTs that are invalid, but the GraphiQL editor returns valid ones?
I'm running into the same issue here using the 2023-04 Storefront API. Any attempt at using the accessTokens generated from my NextJS app's POST requests results in a null customer.
Edit: I found the issue. Hopefully you're in the same boat as me and juggling two different Storefront Access Tokens (not user access tokens). One of them is from the Headless sales channel app and the other (with proper permissions) is coming from a custom app. I had the sales channel token with the incorrect permissions being used in the JWT login process. Why it was actually generating a user access token, I can't tell you, but switching to the correct Storefront access token did the trick and gave me the right user access tokens.
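
A way to check which Storefront access token an app is actually sending, written as an added example (not code from either poster or from Shopify). It logs in and reads the customer back with the same token, and reports by label only so token values never reach logs. The shop domain, token labels and values, and the `fakeFetch` stand-in are constructed; `fakeFetch` models the behaviour reported in the reply above (every token yields a customer access token, but only one returns a customer).

```javascript
const LOGIN = `mutation customerAccessTokenCreate($input: CustomerAccessTokenCreateInput!) {
  customerAccessTokenCreate(input: $input) { customerAccessToken { accessToken expiresAt } }
}`;
const WHOAMI = `query ($t: String!) { customer(customerAccessToken: $t) { id email } }`;

// One POST to the Storefront API, authenticated by a *storefront* access token
// (not the per-customer token returned by the login mutation).
async function storefront(cfg, storefrontToken, query, variables) {
  const res = await cfg.fetch(`https://${cfg.shop}/api/${cfg.version}/graphql.json`, {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "X-Shopify-Storefront-Access-Token": storefrontToken,
    },
    body: JSON.stringify({ query, variables }),
  });
  return (await res.json()).data;
}

// For each labelled storefront token: log in, then query the customer with the
// same storefront token. The report holds labels and outcomes, never tokens.
async function checkStorefrontTokens(cfg, candidates, credentials) {
  const report = {};
  for (const [label, token] of Object.entries(candidates)) {
    const login = await storefront(cfg, token, LOGIN, { input: credentials });
    const cat = login?.customerAccessTokenCreate?.customerAccessToken?.accessToken;
    if (!cat) { report[label] = "login failed"; continue; }
    const me = await storefront(cfg, token, WHOAMI, { t: cat });
    report[label] = me?.customer ? "ok" : "customer is null";
  }
  return report;
}

// Constructed offline stand-in for the shop (assumption, not Shopify behaviour
// documented on this page): only "sf-custom-app" may read customer data.
function fakeFetch(_url, opts) {
  const sf = opts.headers["X-Shopify-Storefront-Access-Token"];
  const { query, variables } = JSON.parse(opts.body);
  const canRead = sf === "sf-custom-app" && variables.t === "cat-" + sf;
  const data = query.startsWith("mutation")
    ? { customerAccessTokenCreate: { customerAccessToken:
        { accessToken: "cat-" + sf, expiresAt: "2030-01-01T00:00:00Z" } } }
    : { customer: canRead ? { id: "gid://shopify/Customer/xyz", email: "whatever@whatever.com" } : null };
  return Promise.resolve({ json: async () => ({ data }) });
}

// Placeholder configuration; pass the real fetch and real tokens from the environment.
const demoCfg = { shop: "example.myshopify.com", version: "2023-04", fetch: fakeFetch };
const demoTokens = { headlessChannel: "sf-headless", customApp: "sf-custom-app" };
```

Against a real shop, pass `fetch` in `cfg` and load the candidate tokens from environment variables rather than source code.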