Sharing auth form mobile in to shopify webview

Technical Q&A

Topic summary

A developer is building a React Native app that displays a Shopify web app in a WebView and wants to implement biometric authentication on the native side while maintaining authenticated access to Shopify.

Main Challenge:
Bridging biometric authentication in React Native with authenticated Shopify WebView access.

Proposed Solutions:

  1. Session Cookie Injection (Recommended):

    • Authenticate user with biometrics natively
    • Fetch Shopify session token/cookie from server
    • Inject cookie into WebView using @react-native-cookies/cookies before loading URL
    • Shopify reads the session cookie and authenticates the user

  2. JWT Token via URL Parameters:

    • Pass short-lived JWT (5-10 min) as URL parameter
    • Web app validates token server-side and establishes session

Key Tools:

  • react-native-webview for JavaScript/header/cookie injection
  • react-native-cookies for cookie management
  • Backend to handle Shopify OAuth and session creation

Security Recommendations:

  • Always validate tokens server-side
  • Use short-lived tokens with audience checks
  • Transmit via HTTPS only
  • Avoid storing credentials in WebView

The discussion remains open with one detailed response providing implementation guidance.

Summarized with AI on October 27. AI used: claude-sonnet-4-5-20250929.
1

I have a react native application and a web shopify app.
In react native I use webview to display my shopify app for mobile.

I wonder how is it possible to share the authorization from mobile device webview + shopify.

Installing shopify sdk? or injecting cookies into webview? or injecting jwt token into webview?
if you had such an experience I appreciate sharing your knowledge with me.

The goal is to use shopify app in webview, but have authentication with biometrics on react native side.

Screenshot 2025-06-19 at 20.11.18.jpeg
Screenshot 2025-06-19 at 20.11.18.jpeg1170×2532 81.5 KB

2

გამარჯობა @batmanashvili !

Great question — you’re trying to bridge biometric authentication in React Native with authenticated access to a Shopify web app in a WebView, which isn’t trivial but definitely possible.

Recommended High-Level Strategy1. Authenticate the user natively (with biometrics + secure storage).

  1. Fetch or generate a secure token (JWT/session cookie) after biometric auth.

  2. Inject the token into the WebView securely (via headers or cookies).

  3. Web app validates and uses the token to log the user into Shopify.

Option 1: Inject Shopify Session Cookie into WebView (Most Native)

If you’re using Shopify Admin API or embedded app model, Shopify expects a valid session token/cookie for access.

Implementation flow:1. React Native side (after biometric auth):

  • Fetch a session token or auth cookie (e.g. from your server or Shopify OAuth endpoint).

  • Inject it into the WebView manually before loading the URL.

  1. Use react-native-cookies or WebView injectedCookies feature (depending on platform):

    1. import CookieManager from ‘@react-native-cookies/cookies’;

      await CookieManager.set(‘https://yourshopifyapp.com’, {
      name: ‘shopify_app_session’,
      value: ‘YOUR_SESSION_TOKEN’,
      domain: ‘yourshopifyapp.com’,
      path: ‘/’,
      version: ‘1’,
      secure: true,
      httpOnly: true,
      });

  2. Load WebView:

    1. <WebView source={{ uri: ‘https://yourshopifyapp.com’ }} />
    2. Shopify will now read this session cookie and treat the user as authenticated.

Option 2: Inject a JWT and Perform Login via URL Parameter or Header

Another route: generate a short-lived JWT on your server after biometric auth and inject it via WebView’s headers or URL param.

  1. React Native app (after biometric):

    • Call your backend to get a JWT or temporary session link.

    • Pass this token into the WebView.

  2. WebView:

    1. <WebView
      source={{
      uri: ‘https://yourshopifyapp.com?auth_token=YOUR_JWT’,
      }}
      />

  3. Web App:

    1. On load, detect the auth_token param.

    2. Validate the JWT with your server.

    3. If valid, create the session and set Shopify cookies internally.

    4. Important: Make sure JWTs are:

      • Short-lived (5–10 min)

      • Signed securely

      • Transmitted via HTTPS only

Additional Tools & Libraries- react-native-webview: lets you inject JS, headers, or cookies.

  • react-native-cookies: for cookie management.

  • Your backend should handle Shopify OAuth + session creation logic.

Security Best Practices- Always validate tokens server-side — never in JS.

  • Secure tokens with short TTL and audience checks.

  • Avoid long-lived tokens or raw credentials in WebView.

  • Consider disabling copy/paste if sensitive info is passed.

Suggested Flow (Summary)

User opens app →
Biometric auth →
Get session JWT (or cookie) from backend →
Inject into WebView →
WebView loads Shopify app with valid auth →
User is seamlessly logged in

If this reply was useful to you, we would really appreciate it if you gave us a LIKE and mark the issue as SOLVED!