Third-Party or Social Login in Storefront

To login a customer with a third-party service, such as Google or GitHub, you must follow the following flow:

Diagram illustrating the authentication flow between the storefront, Medusa application, and the third-party service.

Explanation

You'll implement the flow in this guide using Google as an example.

Step 1: Authenticate Customer in Medusa#

When the customer clicks on a "Login with Google" button, send a request to the Authenticate Customer API route.

For example:

If the Authenticate Customer API route returns a location, then you redirect to the returned page for authentication with the third-party service.

If the route returns a token, then the customer has been authenticated before. You can use the token for subsequent authenticated request.

TipIf you're using a provider other than Google, or if you've configured the Google provider with an ID other than google , replace google in the URL http://localhost:9000/auth/customer/google with your provider ID.

Step 2: Callback Page in Storefront#

The next step is to create a page in your storefront that the customer is redirected to after they authenticate with Google.

You'll use this page's URL as the Redirect Uri in your Google settings, and set it in the callbackUrl of your Google provider's configurations.

First, install the react-jwt library in your storefront to use it for decoding the token:

Then, in a new page in your storefront that will be used as the callback / redirect uri destination, add the following:

This adds in the new page the function sendCallback which sends a request to the Validate Callback API route, passing it the code received from Google.

Then, replace the TODO with the following:

Fetch API / React Applicable
1const createCustomer = async (token: string) => {2  await fetch(`http://localhost:9000/store/customers`, {3    credentials: "include",4    method: "POST",5    headers: {6      "Content-Type": "application/json",7      "Authorization": `Bearer ${token}`,8      "x-publishable-api-key": process.env.NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY || "temp",9    },10    body: JSON.stringify({11      // TODO show form to retrieve email from customer12      email: "example@medusajs.com",13    }),14  }).then((res) => res.json())15}16
17// TODO add more functions...

This adds to the page the function createCustomer which, if the customer is new, it uses the token received from the Validate Callback API route to create a new customer.

Next, replace the new TODO with the following:

Fetch API / React Applicable
1const refreshToken = async (token: string) => {2  const result = await fetch(`http://localhost:9000/auth/token/refresh`, {3    credentials: "include",4    method: "POST",5    headers: {6      "Authorization": `Bearer ${token}`,7    },8  }).then((res) => res.json())9
10  return result.token11}12
13// TODO add more functions...

This adds to the page the function refreshToken which is used after the new customer is created to refresh their authentication token. This ensures that the authentication token includes the details of the created customer.

Finally, add in the place of the new TODO the validateCallback function that runs when the page first loads to validate the authentication:

The validateCallback function uses the functions added earlier to:

  1. Send a request to the Validate Callback API route, which returns an authentication token.
  2. Decodes the token to check if it has an actor_id property.
  • If so, then the customer is previously registered, and the authentication token can be used for subsequent authenticated requests.
  • If not:
    1. Create a customer using the Create Customer API route.
    2. Refetch the customer's token after it's created using the Refresh Token API route.
    3. Use the token for subsequent authenticated requests.

Full Code Example for Callback Page#

Full Example
Was this page helpful?
Edit this page