Shopify Single Sign-On (SSO) using Apple as IDP – JWT Protocol
This solution allows you to setup Single Sign-On (SSO) into Shopify store and authenticate via JWT using your Apple credentials. When you use single sign-on (SSO) with JWT authentication, a user's identity is verified when they sign in to Apple. The user can then access Shopify store without having to enter any additional sign-in credentials. Only users who have been authenticated by the Apple have access to Shopify store.
Whenever a user login to your Apple, the user’s details are taken from apple userbase by the JWT issuer for creating a JWT token having three parts header, payload, and signature. This JWT token is then appended in the Shopify SSO link and when the user clicks on the SSO link, there will be a signature validation process and if the signature is validated, the user is authentic and will be granted access to the Shopify store otherwise, the access will be denied.
Pre-requisite : Single Sign On - SSO Application
To configure Single Sign-On (SSO) on your Shopify store using JWT, you will need to install the miniOrange Single Sign On - SSO Application on your Shopify store:
miniOrange Provides Secure Single Sign-On (SSO) access to your Shopify applications(both plus and Non plus Stores).
Step by Step guide for Single Sign-On in Shopify Store Using Apple Credentials (JWT Token)
1. Configure JWT Authentication in Shopify Single Sign-on (SSO) application
- Navigate to Apps section and Click on Single Sign On - SSO Login Application.
- Click on Setup IDP button in the top left in navigation bar.
-
Navigate to User Stores and click on the Add User Store button.
- Navigate to the JWT section and Select the JWT Signing Algorithm.
- Click on the Save button.
| JWT Identifier | Enter appropriate IDP name (It will be used in SSO link) |
| Login URL | Authentication endpoint of company on which the user will get authenticated and get redirected to miniOrange JWT SSO link |
| User Identifier | The attribute in which you are passing email address as parameter |
| JWT Signing Algorithm |
Token Introspection |
| Introspection Endpoint | The token introspection endpoint provided by Apple using which we will verify the jwt token. |
2. Create the SSO link to Single Sign-On to Shopify
-
Append the data in the below URL format.
Customer ID miniOrange will provide customer ID IdpIdentifier JWT Identifier in above image JWT token Provided by the organization using SSO services. The JWT token needs to have these three mandatory parameters in the payload:
iat - The time when this token was issued.
exp - expiration time of this token.
user_identifier - attribute in which you are passing email addressStore-domain The primary domain of your Shopify store https://store.xecurify.com/moas/broker/login/jwt/callback/{customerId}/{idpIdentifier}/{jwtToken}?relay=https://store.xecurify.com/moas/broker/login/shopify/<store-domain>/account
-
After substituting the values click on the Single Sign-On (SSO) link. You will be redirected to the Shopify store.
Hence you have successfully configured Shopify Single Sign-On (SSO) using Apple Credentials (JWT Authentication) using miniorange Single Sign-On (SSO) login application. This solution ensures that you are ready to roll out
secure access to your Shopify store using Apple (JWT Token) within minutes.
Additional Resources
If you are looking for anything which you cannot find, please drop us an email on shopifysupport@xecurify.com.
Need Help? We are right here!
