Add support for dynamic Authorization and Token URLs to use Shopify as an IdP to authenticate users from any store

Feature:
We would like to use Shopify as an IdP for our Auth0-managed application, but need to be able to authenticate Shopify users from any store.

Description:
Shopify provides documentation for SAML + SCIM, for the purpose of using an external IdP (e.g. Auth0) to log in to Shopify. In our case, we want to do the opposite: we need to be able to credential users within our Auth0-managed application, using Shopify as the IdP.

From that point forward, they would be able to continue to gain access / refresh tokens via Shopify.

We are aware of Auth0’s social connection integration, but because it only provides access to one store, this won’t work for our use-case. Our users may be coming from any store. I also found this community post, but the use-case is a little different.

Auth0 connections do not support a dynamic base URL for the /authorize endpoint of OAuth2 providers, so this is why the Shopify marketplace offering only supports a single store at a time. Each store (shop) would need a separate connection in order to specify the unique domain for that shop as its “Authorization URL” (ref).

The only option currently is to have a connection per shop configured due to how Shopify separates shops by domain.

Use-case:
The specific flow is as follows:

  1. The user installs the Shopify application.
  2. The user is taken to a pricing page, where they choose a subscription. This creates a recurring billing charge using Shopify Payments.
  3. After the subscription is paid/confirmed, our application provisions a customer and an Auth0 user, as well as sends out an email for them to complete the user setup and gain access.

The goal is that, after step (3), we can authenticate the user with Auth0, so that they can be given immediate access to our system. The hypothesis is that there are a lot of steps that result in drop-off when users need to leave the website, check their email, click on a link, and create an account password before gaining access to our system.
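
The per-shop endpoints described in the post above, as an added example that is not part of the original post and is not Auth0 or Shopify code: it derives Shopify's authorization and token URLs from a shop domain and refuses anything that is not a bare `*.myshopify.com` hostname, which is the check a dynamic base URL would need. The function names, client ID, redirect URI and sample domains are hypothetical.

```javascript
// Added example. Function names and sample values are hypothetical/constructed.
// Shopify's OAuth endpoints live on each shop's own domain, so the base URL
// is attacker-influenced input and must be validated before use.
const SHOP_RE = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/;

// Returns the per-shop authorization and token URLs, or throws.
function shopEndpoints(shop) {
  if (typeof shop !== "string") throw new TypeError("shop must be a string");
  const host = shop.toLowerCase();
  // Bare hostname only: no scheme, path, port, userinfo or extra suffix.
  if (!SHOP_RE.test(host)) {
    throw new Error("rejected shop domain: " + JSON.stringify(shop));
  }
  return {
    authorizationUrl: `https://${host}/admin/oauth/authorize`,
    tokenUrl: `https://${host}/admin/oauth/access_token`,
  };
}

// Builds the redirect to the shop's /authorize endpoint. `state` must be an
// unpredictable per-request value that the caller stores in the user's session
// and compares on the callback.
function buildAuthorizeUrl(shop, { clientId, scope, redirectUri, state }) {
  if (!state) throw new Error("state is required");
  const url = new URL(shopEndpoints(shop).authorizationUrl);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("scope", scope);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("state", state);
  return url.toString();
}

// Constructed sample inputs: one valid shop and three that must be refused.
const SAMPLES = [
  "example-store.myshopify.com",
  "example-store.myshopify.com.attacker.example",
  "attacker.example/x.myshopify.com",
  "https://example-store.myshopify.com",
];

function classifySamples() {
  return SAMPLES.map((s) => {
    try { shopEndpoints(s); return [s, "accepted"]; }
    catch (e) { return [s, "rejected"]; }
  });
}

console.log(classifySamples());
```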

Hey Justin,
Thank you for sharing.
Have you found a feasible implementation for this issue?

Hey there, everyone!

I’m excited to inform you about our next Ask Me Anything session in the Forum on Tuesday, July 30, with the Product Management team. If you have questions about upcoming features like FGA, Manage Sessions in Actions, or SCIM, submit your questions now, and our esteemed product experts will provide written answers on July 30. Can’t wait to see you there!