Shopify / checkout-sheet-kit-react-native

Shopify's Checkout Sheet Kit for React Native - simplifying the process of adding checkout to your native apps.
https://shopify.dev/docs/custom-storefronts/mobile-apps
MIT License

Cannot return to logged out experience once using Multipass URL #85

Open BARK-AHAAS opened 4 months ago

BARK-AHAAS commented 4 months ago

What area is the issue related to?

Checkout Sheet Kit

What version of @shopify/checkout-sheet-kit are you using?

2.0.1

Do you have a minimum reproducible example?

No response

Steps to Reproduce

  1. Open the checkout sheet using a Multipass URL with a return_to set to the checkoutURL.
  2. Confirm you are getting the logged-in experience of saved addresses and email.
  3. Close the checkout sheet.
  4. Open the checkout sheet using the generic checkoutURL (no Multipass).

Expected Behavior

It would be expected that the logged-out experience would be shown, with no saved data from the previously logged-in user.

Actual Behavior

The previously used multipass session is still active and displaying the saved customer's information in checkout even though they are logged out in the app and a general checkoutURL was used.

Screenshots/Videos/Log output

No response

Storefront domain

No response

markmur commented 4 months ago

Hey @BARK-AHAAS, the logged in state will persist across webviews because of auth cookies that are set on page load.

We don't currently offer a way to hook into the native webviews in the React Native implementation to delete the cookies, but you could try manually clearing them on close using https://github.com/react-native-cookies/cookies/tree/master?tab=readme-ov-file#webkit-support-ios-only

```js
import CookieManager from '@react-native-cookies/cookies';

// CheckoutSheetKit uses WKWebView in Swift, so you will want to set this to true
const useWebKit = true;

CookieManager.clearAll(useWebKit)
    .then((success) => {
        // done
    });
```

BARK-AHAAS commented 4 months ago

Thank you @markmur - I will give that a shot. This question is a little out of scope of checkout-sheet, but if I don't want to remove ALL cookies but instead only the one(s) responsible for logging out the customer, do you happen to know which ones those are?

markmur commented 4 months ago

Can you say more about your use-case here @BARK-AHAAS?

Are users unable to log out from the logged in view? Or do you want to control the identity state here when a user logs out from your app?

BARK-AHAAS commented 4 months ago

The original use case is to log out of the logged in view. Since authentication is not handed through the Webview, when I log out of the user session in the native app and go into checkout it still is logged in due to the cookies still saved in the Webview itself (as you noted correctly in your response).

The new "issue" is that by using CookieManager.clearAll it is removing other cookies, not necessarily tied to the user session. The main issue this highlighted was all our non-production sites are password protected and we "authenticate" those webviews using the storefront password on app load so that we can run QA/testing on them smoothly, but now when we are testing logout and go to checkout the webview "reset" so requires a storefront password.

I am not saying this is a blocker as we could add logic to re-authenticate the password protected webview on Logout but just figured if we could be more explicit with removing only the user auth related cookie(s) then it would make the solution for this smoother on our end. Totally understand this is out of the scope of this library so no worries if we want to just close this issue and I will look for other solutions.
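
An added example, not part of the thread and not Shopify's or the cookie library's own code: one way to clear only the cookies that appeared after login while keeping the storefront-password cookie described above. It assumes the injected `cookieManager` exposes `get(url, useWebKit)` and `clearByName(url, name, useWebKit)` as `@react-native-cookies/cookies` does for the iOS WKWebView store; the helper names, the fake store and the cookie names used with it are constructed placeholders, since the thread does not name the real auth cookies.

```javascript
// Added example: selective cookie cleanup on app logout.
// Assumption: `cookieManager` has get(url, useWebKit) and
// clearByName(url, name, useWebKit), like @react-native-cookies/cookies.

// Pure helper: names present now that were absent from the logged-out baseline.
function cookiesToClear(currentCookies, baselineNames) {
  const keep = new Set(baselineNames);
  return Object.keys(currentCookies).filter((name) => !keep.has(name)).sort();
}

// Call once after the storefront password step, before any Multipass URL is opened.
async function snapshotBaseline(cookieManager, storeUrl, useWebKit = true) {
  const cookies = await cookieManager.get(storeUrl, useWebKit);
  return Object.keys(cookies);
}

// Call from the app's logout handler: removes only cookies added since the baseline.
async function clearSessionCookies(cookieManager, storeUrl, baselineNames, useWebKit = true) {
  const current = await cookieManager.get(storeUrl, useWebKit);
  const names = cookiesToClear(current, baselineNames);
  const results = await Promise.all(
    names.map((name) => cookieManager.clearByName(storeUrl, name, useWebKit)),
  );
  // Report failures so the caller can fall back to clearAll plus re-authentication.
  return {
    cleared: names.filter((_, i) => results[i]),
    failed: names.filter((_, i) => !results[i]),
  };
}

// Constructed in-memory stand-in for the cookie store, so the flow runs offline.
function makeFakeCookieManager(initial) {
  const jar = { ...initial };
  return {
    jar,
    get: async () => ({ ...jar }),
    clearByName: async (_url, name) => delete jar[name],
  };
}
```

A name-based diff leaves in place any cookie that already exists while logged out and is later reused to carry the session, so confirm on a test store that checkout shows the logged-out experience afterwards and fall back to `clearAll` if it does not.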