OAuth Single Sign-On (SSO) For Shopify Using AWS Cognito as Identity Provider


miniOrange allows AWS Cognito to act as an IDP (Identity Provider), which allows users to Single Sign-On (SSO) into Shopify using AWS Cognito Credentials. Our application is compatible with all the SAML / OAuth-compliant Identity Providers. We will go through a step-by-step guide to configure Single Sign-On (SSO) into Shopify using AWS Cognito as IdP (Identity Provider) and Shopify store as SP (Service Provider).

Pre-requisite: Single Sign-On - SSO Application

To configure SSO into Shopify with AWS Cognito as IDP, you will need to install the miniOrange Shopify Single Sign On - SSO Login Application on your store:

miniOrange provides secure Single Sign-On (SSO) access to your Shopify store (both Plus and non-Plus).


Setup guide for Configuring AWS Cognito as IDP for SSO into Shopify

Step 1: Get Callback URL from Shopify SSO App

  • Go to your Shopify store, navigate to the App section, and click on the Single Sign On - SSO login application.
  • Click on the Add identity Provider button to add your IDP.
  • Select OAuth 2.0 protocol.
  • Now choose AWS Cognito from the list of IDPs.
  • Copy the OAuth Callback URL and keep it handy, as it will be used in a further step.

Step 2: Configuring Shopify as a Service Provider (SP) in AWS Cognito

  • Go to Amazon Console and sign up/log in to your account to configure AWS Cognito.
  • Search for Cognito in the AWS Services search bar.
  • Click on Create a User Pool to create a new User Pool.
  • Choose the attributes in your user pool to be used during the sign-in process.
  • Set up a strong password to configure your security requirements. Go ahead with the ‘No MFA’ option if you want users to only sign in with a single authentication factor. If you wish to enable MFA (Multi-factor authentication) it will require SMS messages which are charged separately by Amazon SNS. Learn more about that here. Click Next.
  • Configure attributes that would be required during the user sign-up flow.
  • Choose additional attributes if you wish to. Click Next.
  • Configure how your user pool sends email messages to users.
  • Enter a name for your user pool. Also, under the Hosted authentication pages, check ‘Use the Cognito Hosted UI’.
  • Now, under the Domain section, choose the domain type as ‘Use a Cognito domain’. Enter a domain name for your Cognito app.
  • Under the Initial app client section, enter a name for your app client and check Generate a client secret.
  • Now enter your Callback/Redirect URL which you will get from your Shopify SSO application and paste it under the Allowed callback URLs text field. Also, refer to the following image for choosing the authentication flows for your app.
  • Now, under Advanced app client settings, select Identity provider as Cognito user pool, select Authorization code grant under the OAuth 2.0 grant types, and select the openid, email, and profile checkboxes under the OpenID Connect scopes section. Click on the Next button to save your configurations.
  • Now, review your selection of requirements. Click Create user pool to confirm the selection and create a user pool.
  • After successfully creating your user pool, select your pool name from the list of pools to start with user creation.
  • Go to the Users tab, and click Create user.
  • Enter details such as username, email address & password. Click on Create user to save the details.
  • After the successful creation of the user, you will need a copy of the Cognito domain, Client ID, and Client Secret. Go to the 'App Integration' section and copy the complete domain name {your domain name}.auth.{region name}.amazoncognito.com. This should be entered in place of {cognito-app-domain} in the endpoint fields of the miniOrange OAuth Single Sign-On (SSO) plugin.
  • To get the Client ID and Client Secret, stay on the same 'App Integration' tab and scroll down to the 'App clients and analytics' section. Click on your App client name to see the Client ID and Client Secret.

    You have completed the AWS Cognito side configuration.

Step 3: Configure AWS Cognito as IDP in Shopify

  • Navigate back to the miniOrange Single Sign On-SSO application and click on the Add identity Provider button.
  • Select OAuth 2.0 protocol.
  • From the list of IDPs, select AWS Cognito.
  • Now, fill in the required details like Client ID, Client Secret, Endpoints, and Scope.
  • Please refer to the table below for configuring the values.
    IDP Display Name: Choose the appropriate name
    Authorize Endpoint: https://{cognito-app-domain}/oauth2/authorize
    Access Token Endpoint: https://{cognito-app-domain}/oauth2/token
    User Info Endpoint (optional): https://{cognito-app-domain}/oauth2/userInfo
    Client ID: from Step 2
    Client secret: from Step 2
    Scope: openid
  • Now you can click on Save.

You have completed the Shopify side configuration.
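
How an OAuth client uses the values configured above in the Authorization code grant, as an added example (not miniOrange's or AWS's code): it builds the authorize redirect, checks the state on the callback, and prepares the token request that carries the client secret in an HTTP Basic header, which is how Cognito authenticates app clients that have a secret. The function names are hypothetical, and the domain, client ID, secret and callback URL are constructed placeholders.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

def endpoints(cognito_domain):
    """The three endpoint URLs from the Step 3 table for one Cognito domain."""
    base = f"https://{cognito_domain}/oauth2"
    return {"authorize": f"{base}/authorize", "token": f"{base}/token",
            "userinfo": f"{base}/userInfo"}

def build_authorize_url(cognito_domain, client_id, callback_url, scope="openid"):
    """URL the browser is sent to at login; returns (url, state)."""
    state = secrets.token_urlsafe(24)  # unguessable value bound to this login attempt
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": callback_url, "scope": scope, "state": state})
    return f"{endpoints(cognito_domain)['authorize']}?{query}", state

def read_callback(callback_request, expected_state):
    """Extract the authorization code, rejecting errors and a mismatched state."""
    params = parse_qs(urlparse(callback_request).query)
    if "error" in params:
        raise ValueError(f"IdP returned error: {params['error'][0]}")
    got = params.get("state", [""])[0]
    if not secrets.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this login")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

def build_token_request(cognito_domain, client_id, client_secret, callback_url, code):
    """Server-side POST that exchanges the code; the secret never reaches the browser."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"url": endpoints(cognito_domain)["token"],
            "headers": {"Authorization": f"Basic {basic}",
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode({"grant_type": "authorization_code", "code": code,
                               "client_id": client_id, "redirect_uri": callback_url})}

if __name__ == "__main__":
    # Constructed placeholder values, not real credentials or a real store.
    DOMAIN = "example-store.auth.us-east-1.amazoncognito.com"
    CALLBACK = "https://sso.example.invalid/oauth/callback"
    url, state = build_authorize_url(DOMAIN, "example-client-id", CALLBACK)
    print(url)
    code = read_callback(f"{CALLBACK}?code=constructed-code&state={state}", state)
    print(build_token_request(DOMAIN, "example-client-id", "example-secret", CALLBACK, code))
```

The redirect_uri sent in both requests has to match an entry in the Allowed callback URLs field from Step 2 exactly, which is why the callback URL is copied from the app rather than typed by hand.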

Step 4: Test Connection

  • After saving the IDP configuration, you will be redirected to the Test Connection step.
    Please perform Test Connection before mapping or fetching attributes; it ensures that your IDP configuration is correct.
  • Click on the Test Connection button.
  • On entering valid AWS Cognito account credentials you will see a pop-up window.
  • Click on the Fetch Attributes button to fetch the IDP attributes.

Step 5: Attribute Mapping

  • Click on the + Attribute Mapping button to map attributes between Shopify and Cognito.
  • Map the attributes by referring to the table below:
    Attribute Name in Shopify: Choose the attribute from the list of predefined attributes
    Attribute Type: IDP Attribute
    Attribute Value: Select the attribute value you have fetched from your IDP
  • Click on Save.
  • Navigate to the application home page. Go to More actions against the IDP you have configured and click on the Make Default button to make the IDP default.

Step 6: Testing Single Sign-On (SSO) for your Shopify Store

  • Go to your Shopify Store login page (https://<your-shopify-storedomain>/account/login).
  • Click on the login button you customized earlier.
  • You’ll be redirected to the login page of the IDP you configured in the previous step. Log in with your IDP account credentials.
  • You’ll be successfully logged in to your Shopify store.

In this guide, you have configured AWS Cognito Single Sign-On (SSO) by configuring AWS Cognito as an OAuth Provider and Shopify as an OAuth Client using our Shopify Single Sign-On - SSO Login App. This solution ensures that you are ready to roll out secure access to your Shopify Store using AWS Cognito login credentials within minutes.


Troubleshooting

invalid_request

This may be because your primary domain would be different from your Shopify domain. To check your primary domain and make SSO work, follow the steps given here.

shopify_plan_expired

This issue arises either when the trial period of your Development plan has expired or when your plan is not auto-renewed from the Shopify end. Contact us at shopifysupport@xecurify.com to resolve the plan upgrade issue and get smooth functioning of the SSO – Single Sign On Application.

invalid_attributes_received

As email is a required entity in Shopify for account creation as well as login operation, Single Sign On is not successful in this case. To resolve this error, please follow the steps given here.

encountered_an_error

When I am performing SSO, I am getting ‘Please verify if Shopify App is installed’ error. To resolve this error, please follow the steps given here.

If your error or query is not listed here, click here to see others.


Frequently Asked Questions (FAQs)


I have followed the steps to set IdP but where can I check SSO?

Follow the steps outlined here to configure SSO in Shopify with your preferred IDP.

I installed the Shopify SSO application. I clicked on the “SETUP IDP” option but nothing opened up.

Redirection to any other site might be blocked in the browser. Please follow the steps given here to resolve the issue.

When I try to perform SSO, I get redirected to the “Incorrect App Configuration” page and then after subsequent attempts, I get redirected to https://store.xecurify.com/moas/login page.

You might be trying to perform SSO in a different tab of the same browser where you have opened our Single Sign-On – SSO Application or accessed the configuration portal of our application. In this case, SSO will be restricted due to security reasons.
Try to perform Single Sign On in a new incognito/private window or in a different browser in order to make SSO work.

After performing SSO, I want my customers to redirect to the collections or discount offer page.

Follow the steps outlined here to redirect your customer to collections/cart or any other page.




If you are looking for anything which you cannot find, please drop us an email on shopifysupport@xecurify.com
