Storing Customer Access Token for custom front end

andrenaught
Shopify Partner

I'm using the Storefront API with React as the front end, and I can get the customer access token when they log in. What is the best way to store this access token? Local Storage? If I use a Node server, is there a more secure way of doing it? Are JSON web tokens a possible solution?

This token is pretty much as critical as a customer's password, right? Since you can technically make orders just by using it with the checkoutCustomerAssociateV2 mutation.

akshay1stmain
New Member

Hi @andrenaught
Did you ever figure this out? I'm currently trying to do the same thing React + Storefront API and want to know how to maintain the user's session. 

andrenaught
Shopify Partner

I would just go ahead and use localStorage, following this: https://help.shopify.com/en/api/storefront-api/guides/updating-customers#creating-an-access-token. Whatever you do, there will be an access token on the client's computer anyways; there is no way around that. The important part is that the token eventually expires. If the token isn't valid anymore (expired), then log the user out.

Just reuse this token when making requests to the Shopify API. Like here: https://help.shopify.com/en/api/storefront-api/guides/updating-customers#updating-the-address

If you want to make it expire sooner you can probably use customerAccessTokenDelete (like run it 2 weeks before the expiry date, though the client can spoof their own time, so if you want to do this premature token deletion you would do this server side against server time).

akshay1stmain
New Member

Thanks @andrenaught 

Have you ever explored using an http-only cookie? 

I've got a React app that is talking directly to the Storefront API right now. But I'm thinking about bringing in an Express server that functions as an auth middleware of sorts.

Thoughts? What's your setup like?
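
An added example, not code from any poster in this thread: one way a Node auth layer like the one proposed above could hold the customer access token on the server and hand the browser only an opaque session id in an HttpOnly cookie, with the "2 weeks before expiry" cut-off checked against the server clock. The cookie name `sid`, the in-memory `Map` and all function names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const COOKIE_NAME = "sid";                          // hypothetical cookie name
const EARLY_EXPIRY_MS = 14 * 24 * 60 * 60 * 1000;   // retire the token 2 weeks early
const sessions = new Map();                         // sid -> { token, expiresAt }; in-memory, demo only

// Call after a successful login: keep the Storefront token server-side and
// return the Set-Cookie header value, which carries only a random session id.
function createSession(accessToken, expiresAtIso) {
  const expiresAt = Date.parse(expiresAtIso);
  if (Number.isNaN(expiresAt)) throw new Error("invalid expiresAt");
  const sid = crypto.randomBytes(32).toString("hex");
  sessions.set(sid, { token: accessToken, expiresAt });
  const cookieExpiry = new Date(expiresAt - EARLY_EXPIRY_MS).toUTCString();
  // HttpOnly: page scripts cannot read it. Secure: HTTPS only. SameSite: limits cross-site sends.
  return `${COOKIE_NAME}=${sid}; Path=/; Expires=${cookieExpiry}; HttpOnly; Secure; SameSite=Lax`;
}

// Pull the session id out of a request's Cookie header.
function readSessionId(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === COOKIE_NAME) return rest.join("=");
  }
  return null;
}

// Resolve the token for a request using the server clock only, so a client
// that changes its own clock or cookie expiry gains nothing.
// Returns { token } while valid; once past the early cut-off the session is
// dropped and `revoke` holds the token to pass to customerAccessTokenDelete.
function resolveToken(cookieHeader, now = Date.now()) {
  const sid = readSessionId(cookieHeader);
  const session = sid && sessions.get(sid);
  if (!session) return { token: null, revoke: null };
  if (now >= session.expiresAt - EARLY_EXPIRY_MS) {
    sessions.delete(sid);
    return { token: null, revoke: session.token };
  }
  return { token: session.token, revoke: null };
}
```

A real deployment would replace the `Map` with a shared session store so sessions survive restarts and work across multiple server processes.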

ttdpartners
Shopify Partner

I'm using the Storefront API with React as the front end, I can get the customer access token when they login.

Hi @andrenaught

I have trouble getting the customer access token from the storefront. Can you tell me how you get the token when they log in?

I see, I need to input the user email and password variables in the GraphQL API in order to create the customer access token.

Is it stored in a cookie or in something else?

Thank you!

Zhemin
New Member

Dear ,

I'm new to Shopify, can you teach me how to get the customer's access token when they log in? Thanks!

Best,

Zhemin