OAuth Single Sign-On (SSO) For Shopify Using AWS Cognito as Identity Provider


miniOrange allows AWS Cognito to act as an IDP (Identity Provider), which allows users to Single Sign-On (SSO) into Shopify using AWS Cognito Credentials. Our application is compatible with all the SAML / OAuth compliant Identity Providers. We will go through a step-by-step guide to configure Single Sign-On (SSO) into Shopify using AWS Cognito as IdP (Identity Provider) and Shopify store as SP (Service Provider).

Prerequisite: Single Sign On - SSO Application

To configure SSO into Shopify with AWS Cognito as IDP, you will need to install the miniOrange Shopify Single Sign On - SSO Login Application on your store:

miniOrange provides secure Single Sign-On (SSO) access to your Shopify store (both Plus and non-Plus).


Setup guide for configuring AWS Cognito as IDP for SSO into Shopify

Step 1: Get the Redirect URI for the OAuth Server

  • Go to your Shopify store, click on the Apps tab and select the Single Sign On - SSO Login application.
  • Click on the Setup IDP button in the top left in the navigation bar.
  • From the left navigation bar select Configure SSO and click on Add Identity provider button.
  • You can find the OAuth Callback URL / Redirect URI in the OAuth 2.0 section. Keep the OAuth callback URL handy, as you will need it later.

Step 2: Configuring miniOrange as Service Provider (SP) in AWS Cognito

  • Sign in to AWS Amazon
  • Now enter Cognito in the search box and select Cognito from the dropdown.

  • Go to Manage your user pools.

  • Click on Create a user pool.

  • Add a pool name and select Review Defaults.

  • Click on Add app client and then click on Add an app client.

  • Enter an App client name and then click on Create app client.

  • Click on Return to pool details. After this click on Create Pool.
  • Now go to the Cognito dashboard, select “Cognito User Pool”, and add the callback URL that you copied from your Shopify store.
  • Add your application home page URL as the Sign out URL.
  • Select Authorization code grant under “Allowed OAuth Flows” and select OpenID under “Allowed OAuth Scopes”.
  • After selecting all details, click on the Save changes button.

  • Go to App client and click on Show details to get the client ID and client secret. (Keep the client ID and client secret handy, as you will need them later.)

  • Go to Domain name and enter a domain name for your app. After adding the domain name, you can check its availability by clicking on the Check availability button. After entering a valid domain name, click the Save changes button.

  • Complete domain name: The complete domain name that you need to enter in the miniOrange dashboard is
    {your domain name}.auth.{region name}.amazoncognito.com
  • Add Users / Groups to the Cognito App: Go to Users and groups and then click on Users. After this, click on Create user.

  • Fill in all required information and click on Create user.

  • Click on Groups and then click on Create group.

  • Fill in all required information and click on Create group.

  • You have successfully completed the AWS Cognito side configuration.

Step 3: Configure AWS Cognito as IDP in miniOrange

  • Again, go to your Shopify store, click on the Apps tab and select the Single Sign On - SSO Login application.
  • Click on the Setup IDP button in the top left in the navigation bar.
  • From the left navigation bar select Configure SSO and click on Add Identity provider button.
  • Go to the OAuth 2.0 tab and select Custom Provider as the IDP name from the dropdown.
  • Now, fill in the required details like Client ID, Client Secret, Endpoints, and Scope.
  • Please refer to the table below for configuring the values.
  • Field                                     Value
    IdP Name                                  Custom Provider
    IdP Display Name                          Choose appropriate name
    OAuth Authorize Endpoint                  https://{cognito-app-domain}/oauth2/authorize
    OAuth Access Token Endpoint               https://{cognito-app-domain}/oauth2/token
    OAuth Get User Info Endpoint (optional)   https://{cognito-app-domain}/oauth2/userInfo
    Client ID                                 From step 1
    Client secret                             From step 1
    Scope                                     openid
  • Now you can click on Save.
  • You have successfully completed the Shopify side configuration.
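
The values entered in the table above drive a standard OAuth 2.0 authorization code exchange, and the following Python is an added example (not miniOrange or AWS code) of what a client does with them: it builds the three Cognito endpoints, creates the authorization request with scope openid and a per-login state value, rejects a callback whose redirect URI or state does not match, and prepares the token request. The function names are hypothetical, the sample pool and callback values are constructed, and sending the client ID and secret as HTTP Basic credentials to the token endpoint is an assumption of this example.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values for trying it out: cognito_endpoints("myshop", "us-east-1")


def cognito_endpoints(domain_prefix, region):
    """Build the three endpoints from the Cognito domain name and region."""
    base = f"https://{domain_prefix}.auth.{region}.amazoncognito.com/oauth2/"
    return {"authorize": base + "authorize", "token": base + "token",
            "userinfo": base + "userInfo"}


def build_authorize_url(endpoints, client_id, redirect_uri):
    """Return (url, state) for the authorization code grant with scope openid."""
    state = secrets.token_urlsafe(32)  # one per login, stored in the session
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": "openid",
                       "state": state})
    return f"{endpoints['authorize']}?{query}", state


def code_from_callback(callback_url, redirect_uri, expected_state):
    """Return the authorization code, or raise ValueError to reject the callback."""
    parts = urlsplit(callback_url)
    params = parse_qs(parts.query)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != redirect_uri:
        raise ValueError("callback is not on the registered redirect URI")
    if "error" in params:
        raise ValueError(f"identity provider returned error: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this login")
    if len(params.get("code", [])) != 1:
        raise ValueError("expected exactly one authorization code")
    return params["code"][0]


def token_request(endpoints, client_id, client_secret, code, redirect_uri):
    """Describe the POST to the token endpoint (built here, never sent)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"url": endpoints["token"],
            "headers": {"Authorization": f"Basic {basic}",
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode({"grant_type": "authorization_code", "code": code,
                               "client_id": client_id,
                               "redirect_uri": redirect_uri})}
```

A callback URL registered in Cognito that differs from the one the SSO application sends, even by a trailing slash, fails the same exact-match comparison on the Cognito side, which is the usual cause of a redirect_mismatch error during testing.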

Step 4: Testing SSO for your Shopify Store

  • Go to your Shopify Store login page (https://<your-shopify-storedomain>/account/login).
  • Click on the login button you customized earlier.
  • You’ll be redirected to the login page of the IDP you configured in the previous step. Log in with your IDP account credentials.
  • You’ll be successfully logged in to your Shopify store.

In this guide, you have successfully configured AWS Cognito Single Sign-On (SSO) by configuring AWS Cognito as OAuth Provider and Shopify as OAuth Client using our Shopify Single Sign-On - SSO Login App. This solution ensures that you are ready to roll out secure access to your Shopify Store using AWS Cognito login credentials within minutes.




If you are looking for anything which you cannot find, please drop us an email at shopifysupport@xecurify.com
