Search Results :


Shopify Single Sign-On (SSO) using Apple as IDP – JWT Protocol

This solution allows you to setup Single Sign-On (SSO) into Shopify store and authenticate via JWT using your Apple credentials. When you use single sign-on (SSO) with JWT authentication, a user's identity is verified when they sign in to Apple. The user can then access Shopify store without having to enter any additional sign-in credentials. Only users who have been authenticated by the Apple have access to Shopify store.

jwt token authentication shopify SSO

Whenever a user login to your Apple, the user’s details are taken from apple userbase by the JWT issuer for creating a JWT token having three parts header, payload, and signature. This JWT token is then appended in the Shopify SSO link and when the user clicks on the SSO link, there will be a signature validation process and if the signature is validated, the user is authentic and will be granted access to the Shopify store otherwise, the access will be denied.

Pre-requisite : Single Sign On - SSO Application

To configure Single Sign-On (SSO) on your Shopify store using JWT, you will need to install the miniOrange Single Sign On - SSO Application on your Shopify store:

miniOrange Provides Secure Single Sign-On (SSO) access to your Shopify applications(both plus and Non plus Stores).


Step by Step guide for Single Sign-On in Shopify Store Using Apple Credentials (JWT Token)

1.  Configure JWT Authentication in Shopify Single Sign-on (SSO) application

  • Navigate to Apps section and Click on Single Sign On - SSO Login Application.

    shopify app section - single sign on application
  • Click on Setup IDP button in the top left in navigation bar.

    Single Sign-On (SSO)for Shopify (Plus and Non Plus), Configure IDP for enabling Single Sign-On (SSO)
  • Navigate to User Stores and click on the Add User Store button.

    shopify authentication via jwt - add user store
  • Navigate to the JWT section and Select the JWT Signing Algorithm.

  • shopify authentication via jwt - jwt section
    JWT Identifier Enter appropriate IDP name (It will be used in SSO link)
    Login URL Authentication endpoint of company on which the user will get authenticated and get redirected to miniOrange JWT SSO link
    User Identifier The attribute in which you are passing email address as parameter
    JWT Signing Algorithm

    Token Introspection

    Introspection Endpoint The token introspection endpoint provided by Apple using which we will verify the jwt token.
  • Click on the Save button.

2.  Create the SSO link to Single Sign-On to Shopify

  • Append the data in the below URL format.

    Customer ID miniOrange will provide customer ID
    IdpIdentifier JWT Identifier in above image
    JWT token Provided by the organization using SSO services. The JWT token needs to have these three mandatory parameters in the payload:

    iat - The time when this token was issued.
    exp - expiration time of this token.
    user_identifier - attribute in which you are passing email address
    Store-domain The primary domain of your Shopify store{customerId}/{idpIdentifier}/{jwtToken}?relay=<store-domain>/account

  • After substituting the values click on the Single Sign-On (SSO) link. You will be redirected to the Shopify store.

    SSO using JWT - Test Successfull
  • Hence you have successfully configured Shopify Single Sign-On (SSO) using Apple Credentials (JWT Authentication) using miniorange Single Sign-On (SSO) login application. This solution ensures that you are ready to roll out secure access to your Shopify store using Apple (JWT Token) within minutes.

Additional Resources

If you are looking for anything which you cannot find, please drop us an email on

Hello there!

Need Help? We are right here!

Contact miniOrange Support

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to