Blending Shopify Customer Accounts with Firebase Auth

By nuwudorder | September 23, 2025

Introduction

Authentication in Hydrogen is tricky. Shopify has its Customer Account API for commerce identity, while many developers want to use Firebase Auth (or Supabase Auth) for SSO, social login, and app-wide sessions.

The result? Many teams end up building hybrid authentication models β€” where Shopify handles commerce identity, and Firebase (or similar) manages cross-platform login.

This post explores how to design those hybrids safely.

Why Hybrid Auth?

  • πŸ›’ Commerce identity β†’ Shopify Customer Account = checkout, orders, account pages.
  • 🌐 Cross-platform identity β†’ Firebase Auth = Google/Apple login, mobile apps, external services.
  • πŸ”— Bridge requirement β†’ merchants want both worlds: seamless checkout + unified login across properties.

Example: Shopify + Firebase Hybrid Flow

Step 1. User Logs in with Firebase

  • Firebase Auth generates a JWT.
  • Hydrogen app validates the JWT.

Step 2. Map Firebase User to Shopify Customer

  • Use Firebase email β†’ query Shopify Customer Account API.
  • If match found β†’ sync tokens.
  • If not found β†’ create Shopify customer record.

const firebaseUser = await admin.auth().verifyIdToken(token); const shopifyCustomer = await context.customerAccount.query(CUSTOMER_LOOKUP, { variables: { email: firebaseUser.email }, });

Step 3. Maintain Session

  • Firebase manages app session.
  • Shopify Customer Account session used only for checkout/account flows.

Pitfalls to Watch

  • ❌ Token mismatches β†’ Firebase and Shopify sessions drift.
  • ❌ Logout sync issues β†’ user logs out of one but not the other.
  • ❌ Duplicated accounts β†’ customer exists in Firebase but not Shopify.
  • ❌ Security holes β†’ missing JWT verification in Hydrogen.

Guardrails & Best Practices

  • βœ… Middleware β†’ verify Firebase JWT on all Hydrogen routes.
  • βœ… Refresh flows β†’ keep Shopify + Firebase sessions in sync.
  • βœ… Link by email or customerId β†’ unify identity across systems.
  • βœ… CI/CD tests β†’ ensure login/logout consistency in E2E tests.
  • βœ… Document flows β†’ clear diagrams for dev + client teams.

Case Example: Health & Wellness Brand

  • Needed Apple/Google login for mobile app, but Shopify identity for checkout.
  • Built Firebase-first auth, mapped users to Shopify customers by email.
  • Added middleware to verify Firebase JWT before GraphQL calls.
  • Outcome: frictionless login across app + storefront, seamless checkout.

Conclusion

Hybrid authentication models let brands combine Shopify’s commerce identity with Firebase’s cross-platform power. But without guardrails, token drift and duplicate accounts can create chaos.

Think of Shopify as your cashier and Firebase as your doorman β€” they must talk to each other.

Posted in Blog

About nuwudorder