Contents

OAuth Single Sign-On (SSO) For Shopify Using AWS Cognito as Identity Provider

miniOrange allows AWS Cognito to act as an IDP (Identity Provider), which allows users to Single Sign-On (SSO) into Shopify using AWS Cognito Credentials. Our application is compatible with all the SAML / OAuth compliant Identity Providers. We will go through a step-by-step guide to configure Single Sign-On (SSO) into Shopify using AWS Cognito as IdP (Identity Provider) and Shopify store as SP (Service Provider).

Pre-requisite : Single Sign On - SSO Application

To configure SSO into Shopify with AWS Cognito as IDP, you will need to install the miniOrange Shopify Single Sign On - SSO Login Application on your store:

Shopify Single Sign-On (SSO)

By miniOrange

miniOrange Provides Secure Single Sign-On (SSO) access to your Shopify store (both plus and Non plus).

Get this application

Step up guide for Configuring AWS Cognito as IDP for SSO into Shopify

Step 1: Step to get the Redirect URI for OAuth Server

Go to your Shopify store, click on the Apps tab and select the Single Sign On - SSO Login application.

Single Sign-On (SSO)for Shopify (Plus and Non Plus), Configure IDP for enabling Single Sign-On (SSO)

Click on the Setup IDP button in the top left in the navigation bar.

Shopify - miniorange sso application - add identity provider

From the left navigation bar select Configure SSO and click on Add Identity provider button.

Shopify - miniorange sso application - choose OAuth 2.0

You can find the OAuth Callback URL/ Redirect URI in the OAuth 2.0 section. Keep the OAuth callback URL handy as you will need it later.

Step 2: Configuring miniOrange as Service Provider (SP) in AWS Cognito

Sign in to AWS Amazon
Now enter Cognito in search textbox & select Cognito from dropdown.
Go to Manage your user pools.
Click on Create a user pool.
Add pool name and select Review Defaults.
Click on Add app client & then click on Add an app client.
Enter App client name & then Click on Create app client.
Click on Return to pool details. After this click on Create Pool.
Now go to the Cognito dashboard and select “Cognito User Pool”, add callback URL which was copied from Shopify store here.
Add application home page URL has to Sign out URL.
Also, select Authorization code grant as “Allowed OAuth Flows” & select OpenID as “Allowed OAuth Scopes”.
After selecting all details click on Save changes button.
Go to App client and click on Show details to get a client ID and client secret. (Keep client ID and client secret handy as you will need it later.)
Go to domain name and enter a domain name for your app. After adding domain name you can check its availability by clicking on Check availability button. After entering valid domain name click Save changes button.
Complete domain name: The complete domain name that you need to enter in miniOrange dashboard is
{your domain name}.auth.{region name}.amazoncognito.com
Add Users / Groups to Cognito App : Go to Users and groups and then click on Users. After this click on Create user.
Fill all required informations and click on Create user.
Click on Groups and then click on Create group.
Fill all required informations and click on Create group.

You have Successfully complete AWS Cognito side configuration.

Step 3: Configure AWS Cognito as IDP in miniOrange

Again, go to your Shopify store, click on the Apps tab and select the Single Sign On - SSO Login application.
Click on the Setup IDP button in the top left in the navigation bar.

From the left navigation bar select Configure SSO and click on Add Identity provider button.

Go to OAuth 2.0 tab and select the IDP name as a Custom Provider from the dropdown.

Now, fill in the required details like Client ID, Client Secret, Endpoints, and Scope.
Please refer to the below table for configuring the values.

IdP Name	Custom Provider
IdP Display Name	Choose appropriate name
OAuth Authorize Endpoint	https://{cognito-app-domain}/oauth2/authorize
OAuth Access Token Endpoint	https://{cognito-app-domain}/oauth2/token
OAuth Get User Info Endpoint (optional)	https://{cognito-app-domain}/oauth2/userInfo
Client ID	From step 1
Client secret	From step 1
Scope	openid

Now you can click on Save.

You have Successfully complete Shopify side configuration.

4. Testing SSO for your Shopify Store

Go to your Shopify Store login page.(https://<your-shopify-storedomain>/account/login)
Click on the login button you customized earlier.

You’ll be redirected to the login page of the IDP you configured in previous step. Log in with your IDP account credentials.
You’ll be successfully logged in to your Shopify store.

In this Guide, you have successfully configured AWS Cognito Single Sign-On (SSO) by configuring AWS Cognito as OAuth Provider and Shopify as OAuth Client using our Shopify Single Sign-On - SSO Login App. This solution ensures that you are ready to roll out secure access to your Shopify Store using AWS Cognito login credentials within minutes.