We have a Shopify app that lets users create a mobile app for their Shopify stores. Now we are trying to implement a new feature, which is passwordless login using OTP. I came across this link about the customer access token that can be generated using just the customer's email and password, but the issue is that the token generated has an expiration. So this can cause an issue: if we try to create this customer access token again, we will need the password of that customer, which is not possible without storing the password of the customer in our databases, and that can cause a potential privacy violation. So is there any way we can implement this feature without storing the password of the customers?
Hi Sandeep, instead of storing the raw password, use an encryption algorithm to encode the password and store it in the DB.
Whenever you are generating the token, read the enc password from the DB and decode it. For example, you can use the AES algorithm.
Hope it helps.
So, is the password necessary for customerAccessToken? Or can we implement this without a password?
Thank You
Hi Sandeep,
If you are using Shopify Plus, then enable Multipass, so that you can implement "Passwordless Login" by using this API.
Hope it helps.
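The Multipass route suggested above, as an added example that is not code from any participant in this thread: it builds a login token following Shopify's documented Multipass scheme (SHA-256 key derivation, AES-128-CBC encryption, HMAC-SHA256 signature), so no customer password is stored or needed. It assumes the OTP has already been verified server-side; the function names, the sample secret, email and shop domain are constructed for illustration.

```javascript
const nodeCrypto = require("node:crypto");

// Derive the two 128-bit keys from the store's Multipass secret:
// first half of SHA-256(secret) encrypts, second half signs.
function deriveKeys(multipassSecret) {
  const digest = nodeCrypto.createHash("sha256").update(multipassSecret).digest();
  return { encryptionKey: digest.subarray(0, 16), signingKey: digest.subarray(16, 32) };
}

// Call this only AFTER the customer's OTP has been verified on the server.
function generateMultipassToken(multipassSecret, customer, now = new Date()) {
  const { encryptionKey, signingKey } = deriveKeys(multipassSecret);
  // created_at is what lets Shopify reject stale tokens.
  const payload = JSON.stringify({ ...customer, created_at: now.toISOString() });
  const iv = nodeCrypto.randomBytes(16); // fresh random IV for every token
  const cipher = nodeCrypto.createCipheriv("aes-128-cbc", encryptionKey, iv);
  const ciphertext = Buffer.concat([iv, cipher.update(payload, "utf8"), cipher.final()]);
  const signature = nodeCrypto.createHmac("sha256", signingKey).update(ciphertext).digest();
  // URL-safe base64 of (IV || ciphertext || signature)
  return Buffer.concat([ciphertext, signature]).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_");
}

// Inverse operation for local testing of the format (hypothetical helper;
// in production only Shopify decodes the token).
function decodeMultipassToken(multipassSecret, token) {
  const { encryptionKey, signingKey } = deriveKeys(multipassSecret);
  const raw = Buffer.from(token, "base64"); // also accepts the URL-safe alphabet
  if (raw.length < 16 + 16 + 32) throw new Error("token too short");
  const ciphertext = raw.subarray(0, raw.length - 32);
  const signature = raw.subarray(raw.length - 32);
  const expected = nodeCrypto.createHmac("sha256", signingKey).update(ciphertext).digest();
  if (!nodeCrypto.timingSafeEqual(signature, expected)) throw new Error("bad signature");
  const decipher = nodeCrypto.createDecipheriv("aes-128-cbc", encryptionKey, ciphertext.subarray(0, 16));
  const plain = Buffer.concat([decipher.update(ciphertext.subarray(16)), decipher.final()]);
  return JSON.parse(plain.toString("utf8"));
}

// The app redirects the customer's browser (or webview) to this URL to log them in.
function multipassLoginUrl(shopDomain, token) {
  return `https://${shopDomain}/account/login/multipass/${token}`;
}
```

The Multipass secret is equivalent to a login credential for every customer account, so it belongs on the backend only and never inside the mobile app binary.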
Thank you. I will check this
Hi @sandeepks23 - did you end up going this route? We are in a similar position and are evaluating passwordless login options. Would love to know where you ended up.