SSO/session handoff between Custom Integration and Embedded Storefront

Hi Moonbase team,

we use the Custom Integration storefront mode. Customers authenticate through our server-side PHP integration using the Storefront API, and the access and refresh tokens remain securely stored in the PHP session.

When we open the Embedded Storefront checkout, the browser widget does not recognize the existing customer session and asks for the customer details again.

Is there a documented and supported server-to-browser session handoff or SSO mechanism for the Embedded Storefront? For example:

  • a short-lived one-time token

  • a signed session-exchange endpoint

  • or another supported way to initialize the widget with an already authenticated customer

We do not want to expose access or refresh tokens in the HTML or manually write the widget’s internal moonbase_authlocalStorage entry.

What is the recommended architecture for sharing authentication between a server-rendered custom storefront and the Embedded Storefront checkout?

Cheers,
Marc

Please authenticate to join the conversation.

Upvoters
Status

In Review

Board
💡

Feature Request

Date

10 days ago

Author

Marc Wensauer

Subscribe to post

Get notified by email when there are changes.