Hi Moonbase team,
we use the Custom Integration storefront mode. Customers authenticate through our server-side PHP integration using the Storefront API, and the access and refresh tokens remain securely stored in the PHP session.
When we open the Embedded Storefront checkout, the browser widget does not recognize the existing customer session and asks for the customer details again.
Is there a documented and supported server-to-browser session handoff or SSO mechanism for the Embedded Storefront? For example:
a short-lived one-time token
a signed session-exchange endpoint
or another supported way to initialize the widget with an already authenticated customer
We do not want to expose access or refresh tokens in the HTML or manually write the widget’s internal moonbase_authlocalStorage entry.
What is the recommended architecture for sharing authentication between a server-rendered custom storefront and the Embedded Storefront checkout?
Cheers,
Marc
Please authenticate to join the conversation.
In Review
Feature Request
10 days ago

Marc Wensauer
Get notified by email when there are changes.
In Review
Feature Request
10 days ago

Marc Wensauer
Get notified by email when there are changes.