Hello, really specific question:
In the Storefront GraphQL API, using the customerAccessTokenCreate mutation, if a user account exists but is disabled, we receive the “UNIDENTIFIED_CUSTOMER” error code, whereas we would expect the “CUSTOMER_DISABLED” error code, so that we can send an activation email or display an appropriate error message.
Is this perhaps a bug?
Hi AubV60,
I’ve connected with the Storefront API product team on this possible bug, and will update here when I learn more.
Thanks Liam, I appreciate it.
After investigating myself, this behaviour is the same as the default login form, so I presume that this is a security feature, to prevent a malicious user from brute-forcing and getting a list of our customers’ email addresses.
Would be good to get confirmation of this from Shopify, if possible?
I couldn’t see this in the documentation.
Thanks