View password in identity-signup webhook

answered
#1

Hello,

I am using Netlify Identity for customer accounts on an eCommerce page. We are integrating with a headless eCommerce service named Moltin. Moltin requires customers to authenticate to view items like past orders.

I can easily create Moltin customer accounts on Netlify Identity signup with something like this in the client:

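import GoTrue from "gotrue-js";

// GoTrue client pointed at the site's Netlify Identity endpoint
export const auth = new GoTrue({
  APIUrl: "https://mydomain/.netlify/identity",
  audience: "",
  setCookie: false
});

// Sign up with Identity first, then create the matching Moltin customer
auth.signup(credentials.email, credentials.password, credentials.attributes).then(() => {
  return Moltin.addCustomer(credentials.email, credentials.password);
});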

This is a little slow, because the client has to make two sequential API calls. Based on how the Identity Webhooks are designed, it seems logical that the Moltin add customer logic should be moved to the webhook, where it will be faster and atomic: rather than being sequential, the Identity signup will fail if the Moltin webhook doesn’t return a 200 status code.

Unfortunately, the password metadata is not included in the webhook payload, which I assume is for good safety reasons. I could include the password as arbitrary user metadata and would then be able to access it in the webhook, but I worry there is some safety issue I am not considering.

What would be the ideal mechanism for handling this sort of parallel user management with Identity and Functions?

#2

Hi @carl,

Dealing with auth can be difficult since security is the primary concern, and for that reason there is no way to get a user’s password in Identity. We don’t actually store the plain text version of that password (this is good practice); we just store a salted, hashed version that we can use to authenticate users.

I’ve never used Moltin so I can’t speak on the best way to use it, but if they do require a password then you’ll have to set one. This also means if a user resets their Identity password, you will have to reset the Moltin password. I’m actually surprised there isn’t a way to use a third party auth platform with Moltin though. Sorry I don’t have a better answer for you!
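As an added example (not part of the original posts, and not Netlify's or Moltin's code): an identity-signup function that fails the signup when user metadata carries credential-like keys, which is the workaround post #1 worries about. The payload field names (`user`, `user_metadata`), the key pattern and the 422 status are assumptions.

```javascript
// Added example. Assumed webhook body shape: { event, user: { email, user_metadata } }.
// Key names that suggest a secret was placed in user-editable metadata (assumed list).
const CREDENTIAL_KEY = /password|passwd|passphrase|pwd|secret/i;

// Walk the metadata object and return dotted paths of credential-like keys.
function findCredentialKeys(value, path = "user_metadata") {
  if (value === null || typeof value !== "object") return [];
  return Object.entries(value).flatMap(([key, child]) => {
    const here = `${path}.${key}`;
    const hits = CREDENTIAL_KEY.test(key) ? [here] : [];
    return hits.concat(findCredentialKeys(child, here));
  });
}

// Decide the webhook response for a raw request body.
function checkSignup(body) {
  let payload;
  try {
    payload = JSON.parse(body || "");
  } catch {
    return { statusCode: 400, body: JSON.stringify({ error: "invalid JSON" }) };
  }
  const user = (payload && payload.user) || {};
  const keys = findCredentialKeys(user.user_metadata || {});
  if (keys.length > 0) {
    // A non-200 response makes the Identity signup fail. Report key paths
    // only, so the secret values never reach the response or the logs.
    return {
      statusCode: 422,
      body: JSON.stringify({ error: "credential-like key in user_metadata", keys }),
    };
  }
  return { statusCode: 200, body: "{}" };
}

// Function entry point; export it the way your project's module system requires.
async function handler(event) {
  return checkSignup(event.body);
}

// Constructed sample payload, for illustration only.
const SAMPLE_BODY = JSON.stringify({
  event: "signup",
  user: { email: "user@example.com", user_metadata: { full_name: "A", moltin_password: "x" } },
});
console.log(checkSignup(SAMPLE_BODY).statusCode); // 422
```
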

#3

Thanks for the response. I had a suspicion this was the case. I am working with Moltin support in hopes of finding a better resolution.

Kind Regards

#4

You’re welcome, @carl. Let us know if you find a solution!