Implement A Social Login Without Sessions

- 1 answer

I have implemented a Twitch login on my Shopify website, but how do I persist the authenticated user across my website's pages? Normally this would be done with a session ID, but this being Shopify I cannot access session variables. Is it OK to substitute a regular cookie for this?

  1. User clicks Twitch Login button on my site
  2. OAuth authentication takes place, I get access token, etc.
  3. User is redirected back to my what? When they click to go to a different page, how do I know it's the same user who logged in on the previous page? I'm guessing when they're first redirected back to my site, I create a unique ID and store it in a database, then send the ID back (possibly in the URL, or header?) and the client stores that ID in a cookie (via JavaScript). Now every page refresh I get that ID from the cookie, send it to my server which checks it against the ID in the database... if it matches, I display the user the page.


You'll need Multipass from the Shopify REST Admin API.

There is also a Node.js module available for this integration on GitHub: beaucoo/multipassify

The authentication flow will look something like this:

  1. Authenticate from a 3rd party like Twitch (You've done this)
  2. Encode your customer data the way specified in Shopify Multipass API
  3. Redirect the customer to<MULTIPASS-TOKEN>