Search Results :

×
Sign Up Contact Us

Contents

OAuth Single Sign-On (SSO) For Shopify Using Affinidi as Identity Provider

miniOrange allows Affinidi to act as an IDP (Identity Provider), which allows users to Single Sign-On (SSO) into Shopify using Affinidi Credentials. Our application is compatible with all the SAML / OAuth compliant Identity Providers. We will go through a step-by-step guide to configure Single Sign-On (SSO) into Shopify using Affinidi as IdP (Identity Provider) and Shopify store as SP (Service Provider).

Shopify Affinidi Login SSO - download plugin button Install Application Shopify Affinidi Login SSO - application pricing button Shopify Affinidi Login SSO - plugin pricing button Pricing Plans

To configure SSO into Shopify using Affinidi as an identity provider (IDP), you will need to install the miniOrange Shopify Single Sign-On - SSO Login Application on your store.


Youtube-color Created with Sketch.

Check out our video, to know more about how Single-Sign-On works in Shopify.

Follow the step-by-step guide for Single Sign-On in Shopify store Using Affinidi as an identity provider.

  • Go to your Shopify store and navigate to the App section and click on Single Sign On - SSO login application.
    • Shopify Affinidi Login SSO - Add SSO Application

  • Click on the Add identity Provider button to add your IDP.
    • Shopify Affinidi Login SSO - Add Identity Provider

  • Select OAuth 2.0 protocol.
    • Shopify Affinidi Login SSO - Select OAuth Protocol

  • Now choose Custom IdP from the list of identity providers (IDPs).
    • Shopify Affinidi Login SSO - Select Affinidi as identity provider

  • Copy the OAuth Callback URL and keep it handy as it will be used in further step.
    • Shopify Affinidi Login SSO - Get Callback URL
  • Go to Affinidi Login under the Services section.
  • Click on the Create Login Configuration and provide the required details.
  • Enter the name as per your convenience.
  • Redirect URIs is the OAuth Callback URL which you will get from Step 1.
Shopify Affinidi Login SSO - Create App

  • Under Additional Configuration, for the Auth method, select Client Secret Post.
Shopify Affinidi Login SSO - Select Auth Method

  • Click on Edit.
Shopify Affinidi Login SSO - Select Auth Method

  • Copy the presentation definition below.
{
  "id": "vp_email_user_profile",
  "submission_requirements": [
    {
      "rule": "pick",
      "min": 1,
      "from": "A"
    }
  ],
  "input_descriptors": [
    {
      "id": "email_vc",
      "name": "Email VC",
      "purpose": "Check if VC data contains necessary fields",
      "group": ["A"],
      "constraints": {
        "fields": [
          {
            "path": ["$.type"],
            "purpose": "Check if VC type is correct",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "Email"
              }
            }
          },
          {
            "path": ["$.credentialSubject.email"],
            "purpose": "Check if VC contains email field",
            "filter": {
              "type": "string"
            }
          },
          {
            "path": ["$.issuer"],
            "purpose": "Check if VC Issuer is Trusted",
            "filter": {
              "type": "string",
              "pattern": "^did:key:zQ3shtMGCU89kb2RMknNZcYGUcHW8P6Cq3CoQyvoDs7Qqh33N"
            }
          }
        ]
      }
    },
    ...
  ]
}
  • Paste it in PEX editor, then click on Continue button.
Shopify Affinidi Login SSO - Paste presentation definition

  • Copy the ID Token Mapping below. This ID Token format is based on the presentation definition we defined previously.
{
  "id": "vp_email_user_profile",
  "submission_requirements": [
    {
      "rule": "pick",
      "min": 1,
      "from": "A"
    }
  ],
  "input_descriptors": [
    {
      "id": "email_vc",
      "name": "Email VC",
      "purpose": "Check if VC data contains necessary fields",
      "group": [
        "A"
      ],
      "constraints": {
        "fields": [
          {
            "path": ["$.type"],
            "purpose": "Check if VC type is correct",
            "filter": {
              "type": "array",
              "contains": {
                "type": "string",
                "pattern": "Email"
              }
            }
          },
          {
            "path": ["$.credentialSubject.email"],
            "purpose": "Check if VC contains email field",
            "filter": {
              "type": "string"
            }
          },
          {
            "path": ["$.issuer"],
            "purpose": "Check if VC Issuer is Trusted",
            "filter": {
              "type": "string",
              "pattern": "^did:key:zQ3shtMGCU89kb2RMknNZcYGUcHW8P6Cq3CoQyvoDs7Qqh33N"
            }
          }
        ]
      }
    }
  ]
}
  • Paste it in ID token mapping editor and click on Done button.
Shopify Affinidi Login SSO - Paste ID Token Mapping

  • After copying the Client ID & Issuer and closing the popup, you are redirected back to the Affinidi Login page.
Shopify Affinidi Login SSO - Copy Client ID and Secret

  • Navigate back to the miniOrange Single Sign On-SSO application and click on Add identity Provider button.
Shopify Affinidi Login SSO - single sign on application

  • Select OAuth protocol.
Shopify Affinidi Login SSO - Select OAuth protocol

  • From the list of identity providers (IDPs), select Custom IDP.
Shopify Affinidi Login SSO - Select Affinidi as IDP

  • Enter the identity provider (IDP) display name.
  • Now, fill in the required details like Endpoints, Client ID, Client Secret, and Scope.
  • Please refer to the below table for configuring the values:
App Name Affinidi
App Display Name As per your convenience
Authorize Endpoint https://<your-affinidi-domain>.login.affinidi.io/oauth2/auth
Token Endpoint https://<your-affinidi-domain>.login.affinidi.io/oauth2/token
User Info Endpoint https://<your-affinidi-domain>.login.affinidi.io/userinfo
Scopes openid offline_access
  • Note down the Callback URL which will be required while configuring SSO.
Shopify Affinidi Login SSO - Import Affinidi Metadata

  • Click on Save.
  • After saving the IDP configuration, you will be redirected to Test Connection step.
  • Please perform Test Connection before mapping or fetching attributes, test connection ensures that your IDP configuration is correct.
  • Click on the Test Connection button.
Shopify Affinidi Login SSO - Click Test Connection

  • On entering valid Affinidi account credentials you will see a pop-up window which is shown in the below screen.
Shopify Affinidi Login SSO - Test Connection with Affinidi

  • Click on the Fetch Attributes button to fetch IDP attribute.
Shopify Affinidi Login SSO - Fetch identity provider attributes

  • Click on the + Attribute Mapping button to map attributes between Shopify and Affinidi.
Shopify Affinidi Login SSO - Add Attribute Mapping

  • Map the attributes by refering the table below:
Shopify Affinidi Login SSO - Map the Affinidi attributes

Attribute Name in Shopify Choose the attribute from the list of predefined attributes
Attribute Type IDP Attribute
Attribute Value Select the attribute value you have fetched from your IDP
  • Click on Save.
Shopify Affinidi Login SSO - Save attribute mapping

Shopify SSO Login - Enable SSO Login Button

Note: This step applies only to Shopify legacy accounts and not Shopify customer accounts.


  • Navigate to the Enable SSO Button section.
  • The following button attributes can be customized: button text, text below SSO button, background color, text color, width, and height.
Shopify SSO Login - Edit SSO Button

  • By default, the “Enable SSO Button” option is in enabled state.
  • If it is not, enable it first, then click the Enable Extension button, as shown in the image below.
Shopify SSO Login - Enable Extension

  • Enable the SSO Login Widget IDP extension.
  • You will see the Login with miniOrange button added to your Shopify store.
  • Click on Save
Shopify SSO Login - Enable SSO Login Widget

Auto-Redirect to IDP

Auto-Redirect users to the IDP's login page when they try to access the Shopify store.
Protect Complete Store with SSO

Restrict store access to logged-in users and redirect others to the password page.
Single Logout Endpoint (SLO)

End the user's session in the store and IdP when they log out from any connected platform

Users session extension

Extend user sessions beyond 24 hours, ensuring longer access without compromising security.
Email Domain Based Restrictions

Restrict user logins based on configured email domains, allowing or denying access accordingly.
Auto Tagging (After SSO)

Assign tags to users after SSO login for streamlined management and personalized experiences.
More FAQs ➔

Follow the steps outlined here to configure SSO in Shopify with your preferred IDP.

Redirection to any other site might be blocked in the browser. Please follow the steps given here to resolve the issue.

Follow the steps outlined here to redirect your customer to collections/cart or any other page.

You must upgrade to the SSO application’s Enterprise plan to enable the Auto-Redirect to the IDP feature. Follow the steps outlined here to enable this feature.

Please reach out to us at shopifysupport@xecurify.com, and our team will assist you with setting up the Shopify SSO application. Our team will help you to select the best suitable solution/plan as per your requirement.

ADFS_sso ×
Hello there!

Need Help? We are right here!

support