Im using the Storefront API with React as the front end, I can get the customer access token when they login. What is the best way to store this access token? Local Storage? If I use a Node server is there a more secure way of doing it? Are JSON web tokens a possible solution?
This token is pretty much as critical as a customer's password right? Since you can technically make orders just by using it with the checkoutCustomerAssociateV2 mutation
Did you ever figure this out? I'm currently trying to do the same thing React + Storefront API and want to know how to maintain the user's session.
I would just go ahead and use localstorage, following this: https://help.shopify.com/en/api/storefront-api/guides/updating-customers#creating-an-access-token. Whatever you do there will be an access token on the client's computer anyways, there is no way around that. The important part is that the token eventually expires, If the token isn't valid anymore (expired), then log the user out.
Just reuse this token when making requests to the shopify API. Like here: https://help.shopify.com/en/api/storefront-api/guides/updating-customers#updating-the-address
If you want to make it expire sooner you can probably use customerAccessTokenDelete (like run it 2 weeks before the expiry date, though the client can spoof their own time so if you want to do this premature token deletion you would do this server side against server time)
Have you ever explored using an http-only cookie?
I've got a React app that is talking directly to the Storefront API right now. But I'm thinking about bringing in an Express server that functions as an auth middleware of sorts.
Thoughts? What's your setup like?
Im using the Storefront API with React as the front end, I can get the customer access token when they login.
I have trouble in getting customer access token from the storefront. Can you tell me how you get the token when they login?
I see, I need to input the user email and password variable in the Graphql API in order to create the customer access token.
Is it stored in cookie or in something else?
I'm new to shopify, can you teach me how to get the customer's access token when they login? Thanks!