Can I use Shopify as an SSO? [spoiler alert: no. you can't.]
This was written up for LBW specifically but may be of use in the future.
Situation 1) Mainsite connects to Vanilla & Mainsite connects to Shopify
While I do not currently have any Vanilla customers to share with you that currently do this, it does sound like such a set up is recommended and achievable. You would just need to choose an SSO provider that supports connecting to both Shopify and also support connecting to Vanilla (such as using oAuth).
In such a setup, if there were elements that were not as seamless as expected we would be happy to help you troubleshoot such a setup to attain the behaviour you are looking for.
Situation 2) Using Shopify as an SSO Solution or IDP to Connect Directly to Vanilla
While Shopify does use OAuth2 Authentication, it is for giving permissions to do API calls (or for connecting to a mainsite SSO). There doesn't appear to be a scope that is used specifically for providing user data.
There are definitely ways of getting custom data out of Shopify, such as an email address and a unique identifier but that does not mean that Shopify is meant to be used as an SSO Solution.
My SSO devs are concerned that any such integration would not be future proof and could result in tech debt. There were also concerns that if ever anything went wrong, it would be possible Shopify would say it was never intended for that use as to the best of our knowledge Shopify was not built with the intention of being an IdP.
Here are some of the pages we looked at:
- https://help.shopify.com/api/getting-started/authentication/oauth#step-1-get-the-clients-credentials
- https://help.shopify.com/api/getting-started/authentication/oauth/api-access-modes#online-access
- https://help.shopify.com/api/reference/access/accessscope
They don’t seem to have a lot of documentation around it, but in their forums a staff member comments a bit here though the post is old.
This more recent post isn’t official but doesn’t seem optimistic.
That being said, just like us I’m sure that Shopify is adding features and changing all the time, so I would recommend that you make a request directly to Shopify to find out if using it as an SSO/IDP is now supported, what the workflow would be and get any documentation they can provide.
If Shopify does offer a well supported workflow to use OAuth2 as an authentication provider we can look at it again, but for now, it seems like it is not a viable solution .
Let me know what they say, if we’ve misassessed the situation and Shopify does support and have documentation around being used this way we’d be very eager to see it and work with you/them :)
Note: LBW did contact Shopify and while they did not share the details of what Shopify said, they dropped pushing for this right after.