Implement passwordless login using customerAccessTokenCreate

sandeepks23
Shopify Partner

We have a Shopify app that lets users create a mobile app for their Shopify stores. Now we are trying to implement a new feature, which is passwordless login using OTP. I came across this link about the customer access token that can be generated using just the customer's email and password, but the issue is that the generated token has an expiration. This can cause an issue: if we try to create this customer access token again, we will need the password of that customer, and that is not possible without storing the customer's password in our databases, which can cause a potential privacy violation. So is there any way we can implement this feature without storing the customers' passwords?

har_s_ha
Shopify Partner

Hi Sandeep, instead of storing the raw password, use an encryption algorithm to encode the password and store it in the DB.

Whenever you are generating the token, read the encrypted password from the DB and decode it. For example, you can use the AES algorithm.

Hope it helps.

 

sandeepks23
Shopify Partner

So, is a password necessary for customerAccessToken? Or can we implement this without a password?

har_s_ha
Shopify Partner

Yes, a password is necessary for generating a customer access token.

Doc link

sandeepks23
Shopify Partner

Thank you

vixnguyen
Shopify Partner

Hi Sandeep,

If you are using Shopify Plus, then enable Multipass, so that you can implement "Passwordless Login" by using this API.

Hope it helps.
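
Added example (not part of the original thread, and not Shopify's or any poster's code): the Multipass route suggested above, in Node.js, gated behind a one-time code so that no customer password is ever stored. The token layout follows Shopify's documented Multipass format (keys derived from SHA-256 of the Multipass secret, AES-128-CBC, HMAC-SHA256); the function names, the in-memory `store`, the OTP key and the shop domain are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Split SHA-256(Multipass secret) into an AES-128 key and an HMAC key.
function deriveKeys(multipassSecret) {
  const material = crypto.createHash("sha256").update(multipassSecret).digest();
  return { encKey: material.subarray(0, 16), sigKey: material.subarray(16, 32) };
}

// Keyed digest of the OTP, bound to the e-mail address it was issued for.
function otpDigest(otpKey, email, otp) {
  return crypto.createHmac("sha256", otpKey).update(email + ":" + otp).digest();
}

// Keep only the OTP digest and an expiry (5 minutes, an assumed value).
function issueOtp(store, email, otpKey, now = Date.now()) {
  const otp = crypto.randomInt(0, 1000000).toString().padStart(6, "0");
  store.set(email, { digest: otpDigest(otpKey, email, otp), expires: now + 5 * 60 * 1000 });
  return otp; // delivered out of band (e-mail or SMS)
}

// One guess per issued code: the entry is deleted on any attempt.
function verifyOtp(store, email, otp, otpKey, now = Date.now()) {
  const entry = store.get(email);
  store.delete(email);
  if (!entry || now > entry.expires) return false;
  return crypto.timingSafeEqual(otpDigest(otpKey, email, otp), entry.digest);
}

// Encrypt-then-MAC the customer JSON: base64url(IV || ciphertext || HMAC).
function multipassToken(multipassSecret, email, now = new Date()) {
  const { encKey, sigKey } = deriveKeys(multipassSecret);
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv("aes-128-cbc", encKey, iv);
  const payload = JSON.stringify({ email, created_at: now.toISOString() });
  const body = Buffer.concat([iv, cipher.update(payload, "utf8"), cipher.final()]);
  const sig = crypto.createHmac("sha256", sigKey).update(body).digest();
  const b64 = Buffer.concat([body, sig]).toString("base64");
  return b64.replace(/\+/g, "-").replace(/\//g, "_");
}

// A login URL is minted only after the OTP check passes.
function loginUrl(store, shopDomain, secrets, email, otp) {
  if (!verifyOtp(store, email, otp, secrets.otpKey)) return null;
  return `https://${shopDomain}/account/login/multipass/${multipassToken(secrets.multipass, email)}`;
}
```

In a real deployment the `store` would be a shared cache, with rate limiting on how often a code can be requested per e-mail address.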

sandeepks23
Shopify Partner

Thank you. I will check this.

ianjgreenfield
Visitor

Hi @sandeepks23 - did you end up going this route? We are in a similar position and are evaluating passwordless login options. Would love to know where you ended up.