Authenticate customer in Shopify via 3rd party API (with existing users)

Retired Boards Appdev Authentication
1

Hi! I have a mobile app with registered users.

I would like to enable users to log in to the my Shopify shop with existing credentials. My back end is able to verify user’s credentials and to do necessary work: issuing of tokens, checking of login and password, build Shopify customer and so on…
But I can not understand how to integrate the Shopify store with my back end to resolve authentication (by my own). Is it possible?

Thank you in advance

2

Hey @itshopifier ,

You could use the Shopify GraphQL Storefront API for this one - https://shopify.dev/api/storefront/getting-started

It has a method to login a user in and get an access token in return, this could then be used to access details about the customer

3

@Matt-Pipelabs , thank you for help!

I think this approach enables my mobile app to get customer’s access token and to interact from the mobile app on behalf of the customer. I probably will use this feature in the future.

At the same time my goal for now is to give a customer possibility to enter existing credentials on ‘https://cool-store.myshopify.com’ and be authorized there via my cloud. I want to avoid any double registration, because all users of mobile app should be able to use ‘https://cool-store.myshopify.com’ on any device.

ps I hope my description is not sophisticated)

4

Have you explored the multipass option? requires plus subscription though

https://shopify.dev/api/admin/rest/reference/plus/multipass

5

If I am right the multipass option enables silent authentication through website for short period of time (customer should be logged in my custom website ‘https://site.com’ and this makes his/her logged in shopify store ‘https://cool-store.myshopify.com’ for short period of time in the same browser).

My goal is to enable logging in shopify store (‘https://cool-store.myshopify.com’) with credentials from existing database
f.e.

  1. a customer just bought a new laptop →
  2. launched Chrome Web Browser →
  3. typed url ‘https://cool-store.myshopify.com’ (the customer visits my store for the first time, he/she did not sign up before) →
  4. clicked on button ‘log in’ →
  5. typed credentials (from existing mobile app) →
  6. shopify store sent credentials onto my server (or somehow checked them) →
  7. user got logged in ‘https://cool-store.myshopify.com’ (in case of correct credentials)->
  8. everyone is happy)

So, the main idea is making a customer available to use https://cool-store.myshopify.com without additional registration

6

Agreed, Multipass is only short time temporary access. Will the mobile SDKs help with your scenario?

7

I need to login a customer from the store side, not from the mobile side)

user → on the ‘https://cool-store.myshopify.com’ → clicks on the ‘login’ button → my server is received login request with ‘login and pass’ and returns true/false → user is loged in ‘https://cool-store.myshopify.com’ (in case of valid credentials)

PS user should be able to be authenticated on the ‘https://cool-store.myshopify.com’ to be able to interact with ‘https://cool-store.myshopify.com’ (it is not storefront API as I understand =))

8

I have the exact same question. I am looking at the following scenarios:

  1. User visits my web app and logs in using their existing credentials. User should be logged into myshopify store if they decide to visit it.

  2. User visits myshopify store, logs in with shopify credentials and decide to navigate to my web app. User should be automatically logged into my web app.

  3. User visits myshopify store and attempts to log in with web app credentials. User should be able to do so.

  4. User visits my web app and attempts to log in with shopify credentials. User should be able to do so.

I know 1 and 2 are possible with multipass. Is 3 and/or 4 even possible? If so, how?

9

@Matt-Pipelabs Does the access token has any expiry?

10

Bro now its 2024 have you find any solution for this problem??