How to properly allow users to log in to my app proxy website and interact with the backend?

My frontend colleagues built an independent website based on Shopify App Proxy a few years ago. In the past, we directly called the backend’s whitelisted API, which invoked the Admin API to generate draft orders for users, allowing them to place orders afterward.

We now have some customized store activities that require ensuring the user sending requests to the backend is indeed the currently logged-in user, not just someone who correctly guessed a customer ID.

Therefore, the backend needs to perform signature verification on the current request content, tokens, and other information. However, it seems that after a successful login via the Shopify API, the frontend cannot even obtain or pass the necessary information to the backend for verification.

Is there a good way to achieve this?

Hi @william_chen

As this question is about customer authentication, I’ve moved and retagged it to customer accounts extensibility. Likely this functionality is better built using Customer Accounts extensions and APIs.

-Nick