Setup Single Sign-On (SSO) into Shopify Store using API Authentication
The application programming interface (API) is the interface through which users can request access to protected resources. They must be equipped to ensure that applications and clients attempting to access data are authentic before proceeding to authorized full access once identity is confirmed. When a user tries to log in to a Shopify store with his existing credentials (username and password) stored in the application userbase, the miniOrange single sign-on (SSO) login app makes an API call to the user’s database for authentication, and his credentials are checked against the application user base. The user is granted access to the store if the response received from the application userbase is successful otherwise, access is denied. You can use this method to integrate Single Sign-On (SSO) into your Shopify Store, allowing users to authenticate via your user authentication API and allow access to the Shopify store.
Consider a Company (Company A) has its users stored in the company database which is connected to their JAVA or any other tech stack application. They have API-based authentication for allowing the users to get logged in. The company has opened a Shopify store and they want to integrate SSO into the Shopify store. They don't know whether they need to integrate APIs in Store. SSO Application is a solution to their problem. The users can SSO into the store using their existing credentials present in the Company Database and if they are successfully authenticated then they will get logged in.
Pre-requisite : Single Sign On - SSO Application
To configure Shopify SSO using API Authentication, you will need to install the miniOrange Shopify Single Sign On - SSO Login on your Shopify store:
miniOrange provides secure Single Sign-On (SSO) access to your Shopify Stores (both Plus and Non plus Stores).
Step by Step guide for Configuring SSO into Shopify using API Authentication
1. Setup Custom API authentication source in miniOrange Single Sign-On (SSO) Login App in Shopify
- Login into your Shopify account. Now navigate to the App section and click on Single Sign On - SSO Login App.
- Click on Setup IDP button in the top left in navigation bar.
- Navigate to User Stores and click on the Add User Store button.
- Switch to the API tab and select Custom API from the dropdown.
- Provide an API identifier name.
- Under the Authentication Configuration section, paste the User Authentication URL that you copied in step 1 above.
- You can pass API key via two different methods i.e. Request Header or Request Body.
In this method, The API key is sent as "Authorization_key" via request header. You can refer to the example below.
- Provide the Header Name Authorization_key and its value i.e. Value of your API key that you copied in step 1.
- Select the Method as GET.
- Provide the Authentication Parameters as:
Authentication Parameters {
"username":"##username##",
"password":"##password##"
}Note: Extra parameters can be sent in the Authentication parameters section if required. These parameters are added in the format "parameter-name":"parameter-value". - Provide the Status field’s value as status and Status Message field’s value as message.
Status Name of field in the server response that contains the status code Staus Message Name of the field that gives the description of the status in the response
In this method, The API key is sent as "api_key" parameter in the POST body as JSON.
To configure your provider to send API key as a field in request body, you can refer below.
- In the headers section, provide the Header Name Content-Type and its value
application/json.
(The content-type in the header specifies what type of data is actually sent in the request. Some examples of Content-type can be: application/json; text/html; charset=UTF-8; multipart/form-data; text/plain, etc.) - Select the Method as POST.
- Provide the Authentication Parameters as:
Authentication Parameters {
"api_key":"value",
"username":"##username##",
"password":"##password##"
}Put the API key value that you copied in step 1 in place of 'value'. Note: Extra parameters can be sent in the Authentication parameters section if required. These parameters can be added as fields in request body in the format "parameter-name":"parameter-value". - Provide the Status field’s value as status and Status Message field’s value as message.
Status Name of field in the server response that contains the status code Staus Message Name of the field that gives the description of the status in the response
-
(Optional) You can configure extra attributes to be sent from your API source to Shopify. For this,
click on the Send Configured Attributes toggle button. You will now be able to see Attribute mapping
fields.
In the first field write the name of the attribute that would be sent to Shopify. In the next field write the name of the attribute that will be received from the API source.
- Click on the Save.
Step 2. Test Connection
-
To test the connection, select the user store you just added and click on Test Authorization API.
-
Enter your credentials when prompted and you should be able to see a success message.
3. Testing SSO for your Shopify Store
- Go to your Shopify Store login page.(https://<your-shopify-storedomain>/account/login)
- Click on the login button you customized earlier.
- You’ll be redirected to the login page of the IDP you configured in previous step. Log in with your IDP account credentials.
- You’ll be successfully logged in to your Shopify store.
Hence you have successfully configured Shopify Single Sign-On (SSO) using API Authentication.
Troubleshooting
invalid_request
This may be because your primary domain would be different from your Shopify domain. To check your primary domain and make SSO work, follow the steps given here.
shopify_plan_expired
This issue arises when either the trial period of your Development plan is expired. Or if your plan is not auto-renewed from the Shopify end. Contact us at shopifysupport@xecurify.com to resolve the plan upgrade issue and get smooth functioning of the SSO – Single Sign On Application.
invalid_attributes_received
As email is a required entity in Shopify for account creation as well as login operation, Single Sign On is not successful in this case. To resolve this error, please follow given here.
encountered_an_error
When I am performing SSO, I am getting ‘Please verify if Shopify App is installed’ error. To resolve this error, please follow given here.
If your error or query is not listed here, click here to see others.
Frequently Asked Questions (FAQs)
I have followed the steps to set IdP but where can I check SSO?
Follow the steps outlined here to configure SSO in Shopify with your preferred IDP.
I installed the Shopify SSO application. I clicked on the “SETUP IDP” option but nothing opened up.
Redirection to any other site might be blocked in the browser. Please follow the steps given here to resolve the issue.
When I try to perform SSO, I get redirected to the “Incorrect App Configuration” page and then after subsequent attempts, I get redirected to https://store.xecurify.com/moas/login page.
You might be trying to perform SSO in the different tab of the same browser where you have opened
our Single Sign-On – SSO Application or accessed the configuration portal of our application. In
this case, SSO will be restricted due to security reasons.
Try to perform Single Sign On in a new incognito/private window or in a different
browser in order to make SSO work.
After performing SSO, I want my customers to redirect to the collections or discount offer page.
Follow the steps outlined here to redirect your customer to collections/cart or any other page.
How do I enable the SSO application’s auto redirect to IDP feature on my Shopify store?
You must upgrade to the SSO application’s Enterprise plan to enable the Auto-Redirect to the IDP feature. Follow the steps outlined here to enable this feature.
Additional Resources
If you are looking for anything which you cannot find, please drop us an email on shopifysupport@xecurify.com.
Need Help? We are right here!
