Definitive Answer on Checkout Login

[gil--]

I've spent the last couple hours researching if there's any way to utilize the storefront api and avoid having the customer log in on Shopify checkout (when coming from an authenticated session from our headless Shopify app). And it seems No but I can't find a definitive answer in the docs or online...

• Just saw the storefront announcements and saw "Allow customer to login automatically via X-Shopify-Customer-Access-Token header in web checkout" on https://ecommerce.shopify.com/c/api-announcements/t/stay-up-to-date-with-the-storefront-api-changes-548257 but (afaik) you can't send headers when redirecting a user to a url, this is not possible outside of mobilesdk. According to Scott @ [V1.7.0] [Help Wanted] With WebUrl, customer should be able to navigate to direct checkout instead of taking to login page js-buy-sdk#561 (comment) it's not currently possible except with MultiPass.

• I came across [1.0alpha] send login (=customerAccessToken) to checkout page js-buy-sdk#430 (comment) which seemed to suggest we can simply pass customer_access_token in the webUrl but that does not seem to work a year later (if it ever worked at all) after associating the checkout with the same customerToken.

Nowhere on https://help.shopify.com/en/api/custom-storefronts/storefront-api/reference/mutation/checkoutcustomerassociatev2 or the storefront api docs does it go over authentication for checkout and that it's not possible. If it's indeed not possible to avoid making the user relogin on Shopify checkout, can we please add a note to the official docs? Would save me and others countless hrs sifting through Github issues and the community forum to find out the answer regarding avoiding logging in when coming to checkout screen.

edit:

Perhaps we can load checkout into an iframe with the X-Shopify-Customer-Access-Token header via ajax XHR.

I understand the security implications (re: Shopify/js-buy-sdk#561 (comment)) but it's still unfortunate nonetheless. Definitely not an ideal UX and would probably lead to conversion loss but I'm not really sure how to avoid from a security/technical standpoint.

[rebeccajfriedman]

For the Storefront API, customer login on Shopify checkout is currently not supported, except through the header (via a mobile app). We are planning on adding support for Multipass, but please note that this is only available to Plus merchants.

I have added an issue to our backlog to update the checkout guide with more explicit information regarding this.

[gil--]

@rebeccajfriedman Thanks Rebecca! Appreciate the response. Having more explicit info in the guide will be much appreciated. Looking forward to the Multipass support for Plus clients.

[SylarRuby]

I’ve just realised that we can associate a shipping address to a checkout. Oh man. Not sure how I’ve missed that. That way the customer has no need to log in again as they’ll see their email address and shipping already prefilled. Awesome!

[8eecf0d2]

Just want to bump this and confirm that there is still no (documented) Storefront API method to auto-login customers to the Shopify Checkout.

Multipass has been released and works as described but is not a part of the Storefront API and trying to achieve different goals.

There is a Storefront API mutation called checkoutCustomerAssociateV2 but unfortunately it only appears to set the checkout.email property to that of the customer - which I suppose does technically meet the criteria of assigning the checkout to a customer.

FWIW the removal of the customer_access_token query parameter would suggest that there is no Storefront API solution possible that would meet the security requirements (as they would all be effectively no more secure than a query parameter.)

The main reason this feature is important is it would remove the need for any server side logic (eg, Multipass) - however I'd assume the majority of merchants opting for custom storefronts probably don't see this as a big value add and already have server side logic.

@rebeccajfriedman is there any update on this feature coming to the Storefront API?

[drinkmorewaters]

Dealing with your undocumented SDK's, poor implementations and half baked methodology is a real pain. Not a day goes passed where we hit "Wait you can't do that?".......

[adrienpicard]

Facing this issue today too. Any update on implementing this into the Storefront API for non-Plus users @rebeccajfriedman?

[arslanramay]

I’ve just realised that we can associate a shipping address to a checkout. Oh man. Not sure how I’ve missed that. That way the customer has no need to log in again as they’ll see their email address and shipping already prefilled. Awesome!

Looks like a good approach to associate shipping address to Checkout. However, I couldn't find any Mutation for associating Shipping Address to Checkout just like we have 'checkoutCustomerAssociateV2'. Could you please provide some more detail about how did you associate Shipping Address to Checkout? Thanks! :)

[nboliver]

@arslanramay some forum posts suggest the use of checkoutShippingAddressUpdateV2 to add the address, other Shopify docs imply you should log in with Multipass, but there are no examples of how to actually do that when you don't have a separate user system and just have a headless front end. Super frustrating!

[multiplehats]

Just bumped into this frustrating limitation myself. Spent hours upon hours huilding a headless storefront, to find out you can't login someone via the Storefront Api when you redirect them to the check out.

Kinda weird it's possible for the mobile SDK. There has to be a way where we can generate a token server side to send along?

I'm actually sad 😞

[nboliver]

I’ve just realised that we can associate a shipping address to a checkout. Oh man. Not sure how I’ve missed that. That way the customer has no need to log in again as they’ll see their email address and shipping already prefilled. Awesome!

But you can't do it with a cart, and you need to use the cart workflow to access subscriptions.