Shopify Single Sign-On (SSO) using Cognito as IDP – JWT Protocol
This solution enables you to configure Single Sign-On (SSO)Shopify store and authenticate via JWT with your Cognito credentials. When you use JWT authentication with single sign-on (SSO), a user's identity is verified when they sign in to Cognito. The user can then access the Shopify store without entering any additional sign-in information. The Shopify store is only accessible to users who have been authenticated by your Cognito application.
When a user logs in to your Cognito application, the JWT issuer pulls the user's information from the Cognito userbase to create a JWT token with three parts: header, payload, and signature. This JWT token is then appended to the Shopify SSO link, and when the user clicks on the SSO link, a signature validation process occurs; if the signature is validated, the user is authentic, and access to the Shopify store is granted; otherwise, access is denied.
Pre-requisite : Single Sign On - SSO Application
To configure Single Sign-On (SSO) on your Shopify store using JWT, you will need to install the miniOrange Single Sign On - SSO Application on your Shopify store:
miniOrange Provides Secure Single Sign-On (SSO) access to your Shopify applications(both plus and Non plus Stores).
Step by Step guide for Single Sign-On in Shopify Store Using Cognito Credentials (JWT Token)
1. Configure JWT Authentication in Shopify Single Sign-on (SSO) application
- Navigate to Apps section and Click on Single Sign On - SSO Login Application.
- Click on Setup IDP button in the top left in navigation bar.
-
Navigate to User Stores and click on the Add User Store button.
- Navigate to the JWT section and Select the JWT Signing Algorithm.
- Click on the Save button.
| JWT Identifier | Enter appropriate IDP name (It will be used in SSO link) |
| Login URL | Authentication endpoint of company on which the user will get authenticated and get redirected to miniOrange JWT SSO link |
| User Identifier | The attribute in which you are passing email address as parameter |
| JWT Signing Algorithm |
Token Introspection |
| Introspection Endpoint | The token introspection endpoint provided by the Cognito application using which we will verify the jwt token. |
2. Create the SSO link to Single Sign-On to Shopify
-
Append the data in the below URL format.
Customer ID miniOrange will provide customer ID IdpIdentifier JWT Identifier in above image JWT token Provided by the organization using SSO services. The JWT token needs to have these three mandatory parameters in the payload:
iat - The time when this token was issued.
exp - expiration time of this token.
user_identifier - attribute in which you are passing email addressStore-domain The primary domain of your Shopify store https://store.xecurify.com/moas/broker/login/jwt/callback/{customerId}/{idpIdentifier}/{jwtToken}?relay=https://store.xecurify.com/moas/broker/login/shopify/<store-domain>/account
-
After substituting the values click on the Single Sign-On (SSO) link. You will be redirected to the Shopify store.
Hence you have successfully configured Shopify Single Sign-On (SSO) using Cognito Credentials (JWT Authentication) using miniorange Single Sign-On (SSO) login application. This solution ensures that you are ready to roll out
secure access to your Shopify store using Cognito (JWT Token) within minutes.
Additional Resources
If you are looking for anything which you cannot find, please drop us an email on shopifysupport@xecurify.com.
Need Help? We are right here!
