Search Results :


Shopify Single Sign-On (SSO) using Cognito as IDP – JWT Protocol

This solution enables you to configure Single Sign-On (SSO)Shopify store and authenticate via JWT with your Cognito credentials. When you use JWT authentication with single sign-on (SSO), a user's identity is verified when they sign in to Cognito. The user can then access the Shopify store without entering any additional sign-in information. The Shopify store is only accessible to users who have been authenticated by your Cognito application.

jwt token authentication shopify SSO

When a user logs in to your Cognito application, the JWT issuer pulls the user's information from the Cognito userbase to create a JWT token with three parts: header, payload, and signature. This JWT token is then appended to the Shopify SSO link, and when the user clicks on the SSO link, a signature validation process occurs; if the signature is validated, the user is authentic, and access to the Shopify store is granted; otherwise, access is denied.

Pre-requisite : Single Sign On - SSO Application

To configure Single Sign-On (SSO) on your Shopify store using JWT, you will need to install the miniOrange Single Sign On - SSO Application on your Shopify store:

miniOrange Provides Secure Single Sign-On (SSO) access to your Shopify applications(both plus and Non plus Stores).


Step by Step guide for Single Sign-On in Shopify Store Using Cognito Credentials (JWT Token)

1.  Configure JWT Authentication in Shopify Single Sign-on (SSO) application

  • Navigate to Apps section and Click on Single Sign On - SSO Login Application.

    shopify app section - single sign on application
  • Click on Setup IDP button in the top left in navigation bar.

    Single Sign-On (SSO)for Shopify (Plus and Non Plus), Configure IDP for enabling Single Sign-On (SSO)
  • Navigate to User Stores and click on the Add User Store button.

    shopify authentication via jwt - add user store
  • Navigate to the JWT section and Select the JWT Signing Algorithm.

  • shopify authentication via jwt - jwt section
    JWT Identifier Enter appropriate IDP name (It will be used in SSO link)
    Login URL Authentication endpoint of company on which the user will get authenticated and get redirected to miniOrange JWT SSO link
    User Identifier The attribute in which you are passing email address as parameter
    JWT Signing Algorithm

    Token Introspection

    Introspection Endpoint The token introspection endpoint provided by the Cognito application using which we will verify the jwt token.
  • Click on the Save button.

2.  Create the SSO link to Single Sign-On to Shopify

  • Append the data in the below URL format.

    Customer ID miniOrange will provide customer ID
    IdpIdentifier JWT Identifier in above image
    JWT token Provided by the organization using SSO services. The JWT token needs to have these three mandatory parameters in the payload:

    iat - The time when this token was issued.
    exp - expiration time of this token.
    user_identifier - attribute in which you are passing email address
    Store-domain The primary domain of your Shopify store{customerId}/{idpIdentifier}/{jwtToken}?relay=<store-domain>/account

  • After substituting the values click on the Single Sign-On (SSO) link. You will be redirected to the Shopify store.

    SSO using JWT - Test Successfull
  • Hence you have successfully configured Shopify Single Sign-On (SSO) using Cognito Credentials (JWT Authentication) using miniorange Single Sign-On (SSO) login application. This solution ensures that you are ready to roll out secure access to your Shopify store using Cognito (JWT Token) within minutes.

Additional Resources

If you are looking for anything which you cannot find, please drop us an email on

Hello there!

Need Help? We are right here!

Contact miniOrange Support

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to