How to handle accounts across two different systems?

I want to use Shopify for our commerce solution but to build out a custom admin/user settings system. The key hurdle I’m dealing with is users and authentication. Let’s assume my site is a.com and my admin system is my.a.com on a different host. I want the user to be able to log in to both the Shopify site and their custom admin/user page using the same username and password (effectively SSO but without a third-party service).

Constraints:

  • I don’t want to build a custom application as I foresee us ultimately going fully custom at some point down the road.

  • Just in case someone asks, yes the admin/user settings page is complex/unique enough that it warrants a custom solution to provide a good user experience.

Possible Solution 1

Have accounts created on the custom admin site and use the Create Customer API to keep the two databases in sync.

Questions:

  • How do I handle the email validation coming from Shopify? (The customer should be oblivious to Shopify as it’s an implementation detail.)

Possible Solution 2

Have all accounts created via Shopify and the admin site and create an associated one on the admin site.

Questions:

  • How do I handle authentication for a specific user across origins? The only OAuth scenarios I seem to be able to track down are at the app level, not per user.

I greatly appreciate any insights you all may have. Thank you.