Implement passwordless login using customerAccessTokenCreate

sandeepks23 · ‎07-02-2023

We have a shopify app that lets users create a mobile app for their shopify stores. Now we are trying to implement a new feature which is passwordless login using OTP. I came across this link about the customer access token that can be generated using just the customer's email and password, but the issue is that the token generated has an expiration. So this can cause a issue as if we again try to create this customer access token we will need the password of that customer and cannot be possible without storing the password of the customer in our databases which can cause a potential privacy violation. So is there any way we can implement this feature without storing the password of the customers.

har_s_ha · ‎07-02-2023

Hi Sandeep, instead of storing raw Password use a encryption algorithm to encode the password and store in DB.

whenever you are generating token read enc Password from DB and decode. For example you can use AES ALGO

Hope it helps.

sandeepks23 · ‎07-03-2023

So, is password necessary for customerAccessToken? or can we implement this without password.

har_s_ha · ‎07-03-2023

Yes password is necessary for generating customer access token

Doc link

sandeepks23 · ‎07-07-2023

Thank You

vixnguyen · ‎07-05-2023

Hi Sandeep,

If you are using Shopify Plus, then enable Multipass, so that you can implement "Passwordless Login" by using this API.

Hope it helps.

sandeepks23 · ‎07-07-2023

Thank you. I will check this

ianjgreenfield · ‎11-27-2023

HI @sandeepks23 - did you end up going this route? We are in a similar position and are evaluating passwordless login options. Would love to know where you ended up.

cms1209 · ‎07-11-2024

did you find any potential solution for this (passwordless login)??

Implement passwordless login using customerAccessTokenCreate

Implement passwordless login using customerAccessTokenCreate

Community Blog Articles