How to allow users to create their own accounts without exposing tokens

angular

#1

Hi! So I’m making an e-commerce with Angular 6 and I’d like to allow users to create their own accounts without exposing any tokens on my front-end code. Problem is, it requires an Bearer token to create a new customer, I’ve read the documentation and it says I can generate an implicit token using a client_id, but that feels like that token would have unrestricted access to all API calls/endpoints which is not safe and not what I’m looking for.

I’d like to be able to allow users to create an account/login and do user stuff like grab products, add new products, purchases products, etc. Is the e-commerce not focused on front-end applications or am I not understanding the documentation? I’d like to be able to accomplish my goal without any middleware.

OBS: Posted here since Help was returning “internal server error”


#2

Hi @arthurgeron

Implicit authentication for the most part only allows you read access to endpoints with a couple of exceptions such as carts (to add a product to a cart). In order for you to update products, you would need to use client_credential authentication from a back-end script. To do the above scenario I would think it likely that you would need to create some kind of middleware to handle this and also create a custom field on a product that associated the product with the customer.


#3

Hi @arthurgeron

Following on from what @drew said, while you would need client_credentials to add new products, you can also use a JWT with certain requests to do things like; get previous orders by customer, create a new order for a customer and add or update customer addresses.

You can see all of the available endpoints that support the customer JWT here.

I hope this helps :smile:


#4

My intent is to build an e-commerce similar to ebay but now I see that’s going to be really hard, specially if I want to products to be associated to an user and for him to receive the money… Well, thank you anyway for the info!