skip to Main Content

We have a custom app hosted in Firebase (Google’s Backend as a service). We would like to use Shopify’s authentication so the user doesn’t have to create an account in the app as well as the Shopify store (where we require accounts).

The key: I need to have some mechanism (like an API) that I can use to have Shopify authenticate a user. (Assume the customer has already created an account in the Shopify store. Account creation will be handled by the normal Shopify process.)

I can create a page in my app to ask for email / pass. Is there some way to send this info (perhaps along with some sort of token generated from a private app) to authenticate the customer? I just need Shopify to confirm whether the email / pass is correct, so I can then ‘login’ the user into my Firebase app.

Any direction / thoughts / suggestions are greatly appreciated.

PS. Firebase offers a ‘custom authentication’ option, along with email, Google+, Facebook. The custom auth option requires sending user / pass to the authentication server, which in this case, would be Shopify.

EDIT: Based on the responses, edited to clarify that I need some way to authenticate the user in Shopify. Handling the custom auth into Firebase seems like a fairly straightforward task, once I receive some sort of signal from Shopify telling me the users email / pass is valid.

3

Answers


  1. This is a classic use case for custom Auth with Firebase. You send email/pass to your backend, authenticate with shopify, on success create a custom token with the user’s id (most likely using shopify’s user id), send it back to the client which would signInWithCustomToken signing in to Firebase.

    Login or Signup to reply.
  2. You should take a look to Shopify MultiPass. Although, you need Shopify Plus that is very expensive.

    Login or Signup to reply.
    1. Customer logs in to Shopify
    2. Logged in Customer has an ID
    3. Use App Proxy in your App to accept this ID using a secure callback
    4. Use the Shopify API to look up the customer with the secure ID
    5. If customer is found, they are then authentic and can use your App

    Why is that not a useful and simple pattern for you to use?

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search