如何“登录客户"?通过BigCommerce进入，并允许他们访问自定义网站 [英] How to "log customer in" in through BigCommerce and give them access to a custom website

问题描述

我有一个使用Bigcommerce的现有网站，并且有大量客户.我希望能够使所有客户使用与他们登录我的BigCommerce网站时相同的登录名/密码来访问辅助网站.我有办法让他们登录到BigCommerce，我的网站可以验证该客户是他们所说的吗?

I have an existing website that uses Bigcommerce and I have a large customer list. I want to be able to give all of my customers access to a secondary website using their same login/password that they use to log into my BigCommerce website. Is there a way for me to let them login to BigCommerce and my website can verify that that customer is who they say they are?

这对我的高价值客户非常有用，他们想要一个我无法构建到BigCommerce中的自定义门户，因为我无法访问PHP代码，因此我需要自己的服务器为他们运行自定义代码.我正在想像Facebook登录如何与OAuth一起使用.

This would be very useful for my high value customers who want a custom portal that I cannot build into BigCommerce because I don't have access to the PHP code so I need my own server running custom code for them. I am imagining something like how Facebook login works with OAuth.

推荐答案

我找到了答案！

这需要一些后端知识，但是要使它正常工作还需要做一些很酷的事情.

It takes a bit of backend knowledge, but there's some cool things going on to get this to work.

1. 在您的客户url上设置Web应用程序，但是请确保客户url为https://*.yourwebstore.com，而您的商店url为 https://www.yourwebstore.com (必须使用https)

1. Setup a web application at your customer url, however ensure the customer url is https://*.yourwebstore.com where your store url is https://www.yourwebstore.com (the https is necessary)

当登录的BC用户访问您的网站时，抓取他们的cookie，尤其是以下一个:SHOP_TOKEN现在，仅当您使用HTTPS时，此cookie才会被发送，因此请确保您使用的是HTTPS

When a logged in BC user hits your website grab their cookies, specifically this one: SHOP_TOKEN now this cookie will ONLY get sent if you are HTTPS, so ensure you are HTTPS

接下来，将Cookie欺骗，并将网络请求欺骗给bigcommerce，然后作为回报再次读取cookie！ BC将向您发送包含您的customerId的cookie.

Next take the cookie and spoof a web request to bigcommerce and in return read the cookies again! BC will send you a cookie with your customerId.

使用该customerID在BC数据库中查找该客户以查找其电子邮件，现在您也可以将其登录到您的系统中.

Use that customerID to look the customer up in the BC database to find their email and now you can log them into your system as well.

出于安全原因，我也在系统中进行了进一步检查，但是如果您需要更多其他信息以超级安全地将BC用户安全地带入客户身份验证门户，请在此不做介绍.

I did some further checking as well in my system for security reasons, but I won't go into that here, pm me if you need more info on other ways to super securely grab your BC user into your customer auth portal.

这篇关于如何“登录客户"?通过BigCommerce进入，并允许他们访问自定义网站的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！