Hey there,
My shop needs to rely on logging in due to compliance reasons. Majority of my customers have form-based login user email/password, which is handled by browsers. Shopify relies on sending a mail with a code with each login attempt (valid max 30 days/browser) with new customer accounts. This is a horrible UX, like I need to reset my password every time loggin in. I also need access and switch back and forth between different apps with copy-paste… Shopify presents no solution to this problem - thats why I need to stick with legacy accounts and get stuck in the old world having a bunch of problems using social login or hydrogen. Also there is no migration path to mover over customers one by one; its an all or nothing. Is shopify planning to improve that situation for us poor developers and shop owners or do we have to live with that? Moving to an own IdP is on a shopify plus plan, which pumps prices almost 100 fold.
Thx Walter
Hi Walter,
Thanks for your feedback - I’m digging into this to see what recommendations we’d have. Also you mentioned:
Can you explain why you’re doing this?
Sure, let me try:
I have a store for private practices (MDs) where their patients can order prescribed meds, roughly 3000 regular customers with re-visits every couple of months when they need new medication. Most of are older, some handicapped and appreciate the digital service, 70 % use email/password, but I also use oxi social plugin for social login. I created additional services for making appointments and exchanging documents; so its sth like a patient’s portal for private practices. I looking at hydrogen for a better UI for those “side-services” like documents and appointsments; main goal is to grow userbase and cross-sell other items than prescribed meds and to offer addional revenues for doctors as well. User base is growing by 20-40 % year.
Switching from Lecacy to new customer logins I would end up with the “bad UX” of entering code and switching back-and-forth between email and login. I also have an android and ios app; there the experience would be even worse….
What I want to offer is an experience with user/pwd and social login with hydrogen; as easy as that, linked with an existing shop, ideally I can use both at the same time for transition phase. I tried several things - use firebase auth, so that I can keep user/pwd and other options - but for that I need the plus plan. In hydrogen i built my own auth logic based on legacy account - used Firebase auth with the admin api to set a fixed password via firebase trigger in case of social login is used; form-based auth from hydrogen (which works, but social not). I cant get the PUT for setting a password on the customer object working.. it seems that the admin API is not supported. The documentation points out it is decommitted with 2023-10, but not sure because it is marked as “deprecated” and not “eliminated”. Error message are not clear, maybe I m doing sth wrong. But It seem i have to force my costomers on the “login with email” code, there is no oher way.
Actually I really do not get why shopify leaned into that idea of “passwordless” auth using email. UX is horrible (switching apps, copy-paste, ugggh..) and security as well - access to email means access to any shop; no 2FA, no passkey etc. - it seems obvious that shopify needs to change this and I would be interested if there is a plan to do so - and for the first time I am considering moving away from shopify and implementing the whole thing from scratch - sure I am not alone with that kind of frustration. Its a sideproject, its small but with a nice impact; dont have the business model to pay 2-3000 USD a month for multipass/shopify pro.
So - would be nice to know if the community can expect some changes on the authN side, especially for hydrogen where flexiblity is key - the current strategy with authN seems very displaced. Also some insight if it is possible to offer user/pwd & social logins on hydrogen with existing store as backend, wihout plus plan.
Thx a lot, Walter