Re: Storefront Weburl Checkout Logged In

Solved

Storefront Weburl Checkout Logged In

amiewilt
Visitor
3 0 0
 
We have a react native app that currently supports a Shopify store through a web view. We are redoing the app and building out the store using react native, and we're using Shopify's webUrl for checkout. We authenticate the user prior to viewing products and then get an access token to pass in checkoutCustomerAssociateV2, however the user's info isn't populated and rather they are prompted to log in again via a "Login" link.
 
How can we avoid the user having to log in again through the webUrl checkout view?
Accepted Solution (1)

hassain
Shopify Staff (Retired)
624 104 188

This is an accepted solution.

Hi @amiewilt 

 

What you are describing is a known use case. Having customers auto-logged in when they re-direct from the API to Web Checkout is a security issue. Since the checkout URL is unauthenticated, then you'd have a checkout URL that could be shared or stored that gives direct access to a customer's details. So when a customer is associated with a checkout, we require them to re-login to validate that they have access. You can read more about the issue here.
 
If you are using the Mobile SDKs, this can be resolved by passing the customer access token through the custom header of “X-Shopify-Customer-Access-Token” in your request to load the web checkout URL. See here for more details.
 
On web, the only way to accomplish this right now would be to use Multipass and its API to associate the customer accounts instead of using the mutation “customerCheckoutAssociatev2”. This will allow customers to be logged in and be directed to checkouts while remaining logged in. However this functionality is only available for Shopify Plus merchants right now.
 
 

To learn more visit the Shopify Help Center or the Community Blog.

View solution in original post

Replies 4 (4)

hassain
Shopify Staff (Retired)
624 104 188

This is an accepted solution.

Hi @amiewilt 

 

What you are describing is a known use case. Having customers auto-logged in when they re-direct from the API to Web Checkout is a security issue. Since the checkout URL is unauthenticated, then you'd have a checkout URL that could be shared or stored that gives direct access to a customer's details. So when a customer is associated with a checkout, we require them to re-login to validate that they have access. You can read more about the issue here.
 
If you are using the Mobile SDKs, this can be resolved by passing the customer access token through the custom header of “X-Shopify-Customer-Access-Token” in your request to load the web checkout URL. See here for more details.
 
On web, the only way to accomplish this right now would be to use Multipass and its API to associate the customer accounts instead of using the mutation “customerCheckoutAssociatev2”. This will allow customers to be logged in and be directed to checkouts while remaining logged in. However this functionality is only available for Shopify Plus merchants right now.
 
 

To learn more visit the Shopify Help Center or the Community Blog.

karmelcorn
Tourist
7 0 9

What is different between Storefront API and Mobile SDK? 

Why can't we similarly use custom header of “X-Shopify-Customer-Access-Token” in your request to load the web checkout URL. for Storefront API?

nickypatson
Visitor
1 0 0

Even we pass the header "X-Shopify-Customer-Access-Token" to the URL request still the webview shows the "logout" button.  Is there any we can hide the logout option from the web payment URL?

Using mobile-buy-sdk-ios

 

thanks

 

PabloGa
Tourist
3 0 1

Hi,
We've developed a frontend web app using Storefront API.
We can do user registration, login, etc but we cannot create an authenticated checkout.
When user is logged in in our web app, appears not logged in the checkout, but when the order is complete it's associated to the user.

 

We've tried both "cartCreate" and "checkoutCreate" APIs.

 

With "cartCreate" API we cannot assign "deliveryAddressPreferences" to the "CartBuyerIdentity".
We tried also with "cartBuyerIdentityUpdate" but it didn't work.

 

With "checkoutCreate" instead we can send the shipping address to the checkout and when the user arrive to the chekout the address is filled.
With "checkoutCustomerAssociateV2" we associate the user to the checkout object but the user is stil not logged in the checkout page.

 

Are there any solutions?

X-Shopify-Customer-Access-Token seems to work only withMobile SDKs.

Is it possible to create a logout where the user is logged in, if we login with Storefront API?