The ability to authenticate a customer during the cart creation process was recently introduced by passing the customerAccessToken to the cartCreate or the cartBuyerIdentityUpdate mutation.
Following this example (step 6):
https://shopify.dev/docs/storefronts/headless/building-with-the-storefront-api/cart/manage#step-6-authenticate-customer-for-logged-in-checkouts
Running the query in the GraphiQL explorer returns:
{
  "errors": [
    {
      "message": "Field 'customerAccessToken' doesn't exist on type 'CartBuyerIdentity'",
      "locations": [
        {
          "line": 11,
          "column": 9
        }
      ],
      "path": [
        "mutation",
        "cartBuyerIdentityUpdate",
        "cart",
        "buyerIdentity",
        "customerAccessToken"
      ],
      "extensions": {
        "code": "undefinedField",
        "typeName": "CartBuyerIdentity",
        "fieldName": "customerAccessToken"
      }
    }
  ]
}
I did not manage to get this working with either mutation (also tried cartCreate). Passing the customerAccessToken for the variable input also does not authenticate the test user. The checkout URL still redirects to the login. The accessToken is valid and not expired.
Any ideas?
What API version are you using?
Do you have an example of your query and variables? Obviously not with the real access token value.
Tested with 2024-10 and 2025-01
You can use the query from the docs example linked above; this does return the error in the GraphiQL storefront explorer:
mutation {
  cartBuyerIdentityUpdate(
    cartId: "gid://shopify/Cart/Z2NwLXVzLWV4YW1wbGU6MDEyMzQ1Njc4OTAxMjM0NTY3ODkw?key=examplekey1234567890"
    buyerIdentity: {
      customerAccessToken: "1b024bde52fcce3c363d2e67f7a13958"
    }
  ) {
    cart {
      id
      buyerIdentity {
        customerAccessToken
      }
    }
  }
}
Ohhh I’ve got it, it's on the response. If you remove customerAccessToken from the response, then it works; you still need it on the input but not on the response/output.
For example:
mutation {
  cartBuyerIdentityUpdate(
    cartId: "gid://shopify/Cart/Z2NwLXVzLWV4YW1wbGU6MDEyMzQ1Njc4OTAxMjM0NTY3ODkw?key=examplekey1234567890"
    buyerIdentity: {customerAccessToken: "1b024bde52fcce3c363d2e67f7a13958"}
  ) {
    cart {
      id
      buyerIdentity {
        email
      }
    }
    userErrors {
      field
      message
    }
    warnings {
      target
      message
      code
    }
  }
}
You should also check for any userErrors or warnings, just in case.
You’re right, the error then goes away - as there is apparently no input validation. I’m pretty sure that the customerAccessToken input is just ignored.
As an example, here is the JSON request body you can send to your GraphQL endpoint.
I would assume it would identify the customer just by the access token. But the “email” returned is null - it failed to identify the customer.
If I pass the e-mail as well as part of buyerIdentity, it successfully identifies the customer and the right customer ID is returned.
Also I would assume that the checkout URL would allow for a checkout without the log-in prompt - but this still comes up, indicating the authentication did fail.
{
  "query": "mutation cartCreate($input: CartInput!) { cartCreate(input: $input) { cart { id checkoutUrl buyerIdentity { email } } userErrors { field message } warnings { target message code } } }",
  "variables": {
    "input": {
      "lines": [
        {
          "merchandiseId": "gid://shopify/ProductVariant/41550405959745",
          "quantity": 1
        }
      ],
      "buyerIdentity": {
        "customerAccessToken": "1c4d924054fde92a0747dj4a445d0e56"
      }
    }
  }
}
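The checks discussed in the replies above, as an added example that is not part of the original posts: it builds the cartCreate body with the token as input only and sorts a parsed response into the outcomes the thread ran into. The names `buildCartCreateBody` and `classifyCartResponse`, the status labels, and the sample response are hypothetical; treating a null `email` as "not identified" follows the observation in the thread.

```javascript
// Added example (not from the thread). Token and IDs below are constructed.
const CART_CREATE = `mutation cartCreate($input: CartInput!) {
  cartCreate(input: $input) {
    cart { id checkoutUrl buyerIdentity { email } }
    userErrors { field message }
    warnings { target message code }
  }
}`;

// JSON.stringify escapes the query's newlines, so the body is valid JSON.
// The token is sent as input only; it is never selected in the response.
function buildCartCreateBody(lines, customerAccessToken) {
  return JSON.stringify({
    query: CART_CREATE,
    variables: { input: { lines, buyerIdentity: { customerAccessToken } } },
  });
}

// Classify a parsed GraphQL response into the outcomes seen in the thread.
function classifyCartResponse(response) {
  const topLevel = response.errors || [];
  if (topLevel.length > 0) {
    return { status: "schema_error", details: topLevel.map((e) => e.message) };
  }
  const payload = (response.data && response.data.cartCreate) || {};
  const userErrors = payload.userErrors || [];
  if (userErrors.length > 0 || !payload.cart) {
    return { status: "user_error", details: userErrors.map((e) => e.message) };
  }
  const warnings = (payload.warnings || []).map((w) => `${w.code}: ${w.message}`);
  // Thread's signal: a null email means the token did not identify a customer,
  // even though the mutation returned no error.
  const email = payload.cart.buyerIdentity && payload.cart.buyerIdentity.email;
  return { status: email ? "identified" : "unidentified", details: warnings };
}

// Constructed response: mutation succeeds but the buyer is not identified.
const sampleResponse = {
  data: { cartCreate: {
    cart: { id: "gid://shopify/Cart/EXAMPLE", checkoutUrl: "https://shop.example/cart/c/EXAMPLE",
            buyerIdentity: { email: null } },
    userErrors: [], warnings: [],
  } },
};
console.log(classifyCartResponse(sampleResponse).status); // unidentified
```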