Storefront API and SDKs

Steit · ‎11-03-2019

Hi,

I'm developing a third party login app. Similar to a 'log in with' solution. I've covered most of the work but now I'm stuck on how to set the access_token. I'm able to create or update a new customer and then create a new access_token via the graphql storefront API. Next I guess I need to set the access_token in a cookie and refresh the page. I cannot find any location or name I should set it. I've tried the _secure_session_id and the secure_customer_signature but both don't seem to be right. Anyone any suggestions where to look? Or a code example for a 'login with' scenario?

Tnx,

Steit!

hassain · ‎11-04-2019

Hey @Steit .

I am assuming when you say that you are "able to create or update a new customer and then create a new access_token via the graphql storefront API", you mean that you are using the customerAccessTokenCreate mutation in the Shopify Storefront GraphQL API to generate a new Customer Access Token?

If this is the case, there is no defined or expected place where this token needs to be set. This token is only required when Merchants are making modifications to a customer object, or when the customer is creating a checkout/cart for the store and the Merchant needs to associate the customer access token to that checkout/cart. Where the token is stored on the client-side is free for you to decide. From my experience, I have seen this customer access token typically saved in localstorage until it is set to expire.

You can also read more about generating and using customer access tokens here

Hassain | Developer Support Specialist @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Click Accept as Solution

Steit · ‎11-04-2019

Hai @hassain ,

Thanks for your answer. I've done exactly that. But maybe I'm doing the wrong thing for what I want. I want to build a "login with..." tool. I thought I could generate the access_token, safe this in a specific cookie and then reload to let the customer log in. If this is not possible with this access_token how should I approach this then?

Steit.

hassain · ‎11-05-2019

Hey @Steit ,

I suppose it depends on which type of store you are building this third party login app for. If your store is using the Shopify Online Store, then just creating the customer access token alone will not automatically log the customer into the store. For the Shopify Online Store, the only way the customer can be logged in is if they manually go through the log in screen and use the functionality that Shopify provides on the Online Store by default. The only other option available is log in through Multipass, but this is only available if your store is on the Shopify Plus plan

If you are building this third party login app for a store using a custom storefront that is not the Shopify Online Store (i.e. a Headless Shopify store they built using the Buy SDKs or the Storefront API), then the onus is on store itself it to see if the customer access token is saved somewhere client-side and not expired, and if so then visually indicate to the customer that they are now logged in.

Hassain | Developer Support Specialist @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Click Accept as Solution

Storefront API and SDKs

How to set the access_token.

Community Blog Articles

Shopify Community

Support

Shopify

Quick Links