OAuth Single Sign-On (SSO) For Shopify Using AWS Cognito as Identity Provider

miniOrange allows AWS Cognito to act as an IDP (Identity Provider), which allows users to Single Sign-On (SSO) into Shopify using AWS Cognito Credentials. Our application is compatible with all the SAML / OAuth compliant Identity Providers. We will go through a step-by-step guide to configure Single Sign-On (SSO) into Shopify using AWS Cognito as IdP (Identity Provider) and Shopify store as SP (Service Provider).

Pre-requisite : Single Sign On - SSO Application

To configure SSO into Shopify with AWS Cognito as IDP, you will need to install the miniOrange Shopify Single Sign On - SSO Login Application on your store:

Step up guide for Configuring AWS Cognito as IDP for SSO into Shopify

Step 1: Step to get the Redirect URI for OAuth Server

• Go to your Shopify store, click on the Apps tab and select the Single Sign On - SSO Login application.

• Click on the Setup IDP button in the top left in the navigation bar.

• From the left navigation bar select Configure SSO and click on Add Identity provider button.

• You can find the OAuth Callback URL/ Redirect URI in the OAuth 2.0 section. Keep the OAuth callback URL handy as you will need it later.

Step 2: Configuring miniOrange as Service Provider (SP) in AWS Cognito

• Sign in to AWS Amazon
• Now enter Cognito in search textbox & select Cognito from dropdown.
  
  
  
• Go to Manage your user pools.
  
  
  
• Click on Create a user pool.
  
  
  
• Add pool name and select Review Defaults.
  
  
  
• Click on Add app client & then click on Add an app client.
  
  
  
• Enter App client name & then Click on Create app client.
  
  
  
• Click on Return to pool details. After this click on Create Pool.
• Now go to the Cognito dashboard and select “Cognito User Pool”, add callback URL which was copied from Shopify store here.
• Add application home page URL has to Sign out URL.
• Also, select Authorization code grant as “Allowed OAuth Flows” & select OpenID as “Allowed OAuth Scopes”.
• After selecting all details click on Save changes button.
  
  
  
• Go to App client and click on Show details to get a client ID and client secret. (Keep client ID and client secret handy as you will need it later.)
  
  
  
• Go to domain name and enter a domain name for your app. After adding domain name you can check its availability by clicking on Check availability button. After entering valid domain name click Save changes button.
  
  
  
• Complete domain name: The complete domain name that you need to enter in miniOrange dashboard is
  {your domain name}.auth.{region name}.amazoncognito.com
  
• Add Users / Groups to Cognito App : Go to Users and groups and then click on Users. After this click on Create user.
  
  
  
• Fill all required informations and click on Create user.
  
  
  
• Click on Groups and then click on Create group.
  
  
  
• Fill all required informations and click on Create group.
  
  

You have Successfully complete AWS Cognito side configuration.

Step 3: Configure AWS Cognito as IDP in miniOrange

• Again, go to your Shopify store, click on the Apps tab and select the Single Sign On - SSO Login application.

• Click on the Setup IDP button in the top left in the navigation bar.

• From the left navigation bar select Configure SSO and click on Add Identity provider button.

• Go to OAuth 2.0 tab and select the IDP name as a Custom Provider from the dropdown.

• Now, fill in the required details like Client ID, Client Secret, Endpoints, and Scope.
• Please refer to the below table for configuring the values.

IdP Name	Custom Provider
IdP Display Name	Choose appropriate name
OAuth Authorize Endpoint	https://{cognito-app-domain}/oauth2/authorize
OAuth Access Token Endpoint	https://{cognito-app-domain}/oauth2/token
OAuth Get User Info Endpoint (optional)	https://{cognito-app-domain}/oauth2/userInfo
Client ID	From step 1
Client secret	From step 1
Scope	openid

• Now you can click on Save.

You have Successfully complete Shopify side configuration.

4. Testing SSO for your Shopify Store

• Go to your Shopify Store login page.(https://<your-shopify-storedomain>/account/login)
• Click on the login button you customized earlier.

• You’ll be redirected to the login page of the IDP you configured in previous step. Log in with your IDP account credentials.
• You’ll be successfully logged in to your Shopify store.

In this Guide, you have successfully configured AWS Cognito Single Sign-On (SSO) by configuring AWS Cognito as OAuth Provider and Shopify as OAuth Client using our Shopify Single Sign-On - SSO Login App. This solution ensures that you are ready to roll out secure access to your Shopify Store using AWS Cognito login credentials within minutes.

Choose your preferred Identity Provider and start setting up SSO for Shopify right away

Additional Resources

• Single Sign-On (SSO) for Shopify
• Shopify Single Sign-On (SSO) using Azure B2C
• Shopify Single Sign-On (SSO) using Okta
• Shopify Two Factor Authentication
• Shopify Secure Admin Login

If you are looking for anything which you cannot find, please drop us an email on shopifysupport@xecurify.com