Add support for dynamic Authorization and Token URLs to use Shopify as an IdP to authenticate users from any store

Feature:
We would like to use Shopify as an IdP for our Auth0-managed application, but need to be able to authenticate Shopify users from any store.

Description:
Shopify provides documentation for SAML + SCIM, for the purpose of using an external IdP (e.g. Auth0) to log in to Shopify. In our case, we want to do the opposite: we need to be able to credential users within our Auth0-managed application, using Shopify as the IdP.

From that point forward, they would be able to continue to gain access / refresh tokens via Shopify.

We are aware of Auth0’s social connection integration, but because it only provides access to one store, this won’t work for our use-case. Our users may be coming from any store. I also found this community post, but the use-case is a little different.

Auth0 connections do not support a dynamic base URL for the /authorize endpoint of OAuth2 providers, so this is why the Shopify marketplace offering only supports a single store at a time. Each store (shop) would need a separate connection in order to specify the unique domain for that shop as its “Authorization URL” (ref).

The only option currently is to have a connection per shop configured due to how Shopify separates shops by domain.

Use-case:
The specific flow is as follows:

  1. The user installs the Shopify application
  2. The user is taken to a pricing page, where they choose a subscription. This creates a recurring billing charge using Shopify Payments
  3. After the subscription is paid/confirmed, our application provisions a customer and an Auth0 user, as well as sends out an email for them to complete the user setup and gain access.

The goal is that after step (3), we can authenticate the user with Auth0, so that they can be given immediate access to our system. The hypothesis is that there are a lot of steps that result in drop-off when users need to leave the website, check their email, click on a link, and create an account password before gaining access to our system.
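As an added illustration (not code from the original post, Auth0 or Shopify) of what a per-store "dynamic Authorization/Token URL" has to do safely: the authorization host is derived at runtime from the shop name, so the shop value must be validated before it is used in a redirect, and the callback must be tied back to the shop and state that started the flow. The OAuth paths follow Shopify's documented app OAuth flow; client id, redirect URI and scopes are constructed placeholders.

```python
import re
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Shopify shop hosts are always <name>.myshopify.com; anything else is rejected
# so that a user-supplied "shop" cannot turn the login redirect into an open redirect.
SHOP_RE = re.compile(r"^[a-z0-9][a-z0-9-]*\.myshopify\.com$")
AUTHORIZE_PATH = "/admin/oauth/authorize"      # Shopify's documented authorize endpoint
TOKEN_PATH = "/admin/oauth/access_token"       # Shopify's documented token endpoint


def validate_shop(shop: str) -> bool:
    """Return True only for a well-formed myshopify.com hostname."""
    return bool(SHOP_RE.match(shop.lower()))


def build_authorize_url(shop: str, client_id: str, redirect_uri: str,
                        scopes: list, state: str = "") -> tuple:
    """Build the per-shop /authorize URL; returns (url, state).
    The state nonce is what later ties the callback to this request."""
    if not validate_shop(shop):
        raise ValueError(f"refusing to redirect to untrusted host: {shop!r}")
    state = state or secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": client_id,
        "scope": ",".join(scopes),
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"https://{shop.lower()}{AUTHORIZE_PATH}?{query}", state


def token_url(shop: str) -> str:
    """Per-shop token endpoint; derived only from a validated shop host."""
    if not validate_shop(shop):
        raise ValueError(f"refusing to exchange code with untrusted host: {shop!r}")
    return f"https://{shop.lower()}{TOKEN_PATH}"


def verify_callback(callback_url: str, expected_shop: str, expected_state: str) -> bool:
    """Accept the callback only if it carries the state we issued and names the same shop."""
    qs = parse_qs(urlparse(callback_url).query)
    state = qs.get("state", [""])[0]
    shop = qs.get("shop", [""])[0]
    state_ok = secrets.compare_digest(state.encode(), expected_state.encode())
    return state_ok and validate_shop(shop) and shop.lower() == expected_shop.lower()
```

Each Auth0 connection today pins one such host statically; the request above is for the connection to perform this per-shop derivation itself, with the same validation.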