Hello, we are building an app that needs to do some complex calculations and reporting related to Shopify customers and orders.
We have built a Shopify custom app (SA) that gets customers, products, and orders through webhooks (we could use Amazon EventBridge for that as well), and now we need to add a rich set of reporting and admin features that update Shopify customers. The client Shopify store has a Shopify Plus license.
I see 2 options and I would like to ask for some clarifications:
1. We build a reporting app (RA) as a new Shopify app (or an upgrade of our existing Shopify app (SA)), so it can write back to Shopify directly. The problem is that we need to authenticate RA users using Shopify and keep them logged in if they are logged in to Shopify. How to do that? In other words, how can we use Shopify as an auth and SSO provider? We want all users to be initially added through Shopify registration. In our reporting app (RA), we want to update customer tags as a result of the calculation.
2. The reporting app has no real user management; all the users are Shopify users and the RA endpoints are called through the app proxy. The custom client code in Shopify will update Shopify customers, so there is no need to write back anything. The problem then is how to pass the logged-in customerId to our RA and how to do that in a secure way so that another user cannot see someone else's report.
Yes, I saw this article about SAML, but thought there could be an easier / cheaper way.
I am evaluating AWS Cognito since it seems much more cost-effective than Okta or Auth0, but I cannot find any document that explains how to do that.
The only way I found is through Mini Orange App.
Also, how can I test SSO without a live real Shopify Plus store?
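
For option 2 in the question above, an added example (not code from this thread or from Shopify) of how the RA backend could take the customer id only from a verified app proxy request. It assumes Shopify's documented app proxy query parameters `signature`, `timestamp` and `logged_in_customer_id`, signed with HMAC-SHA256 using the app's shared secret; the function names, the secret, the shop domain and the 300-second window are constructed for the example.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode

MAX_SKEW_SECONDS = 300  # assumed replay window, chosen for this example


def expected_signature(params, shared_secret):
    """HMAC-SHA256 over every parameter except `signature`, sorted, no separator."""
    message = "".join(sorted(
        f"{key}={','.join(values)}"
        for key, values in params.items() if key != "signature"
    ))
    return hmac.new(shared_secret.encode(), message.encode(),
                    hashlib.sha256).hexdigest()


def customer_id_from_proxy_request(query_string, shared_secret, now=None):
    """Return the logged-in customer id of a verified proxy request, else None."""
    params = parse_qs(query_string, keep_blank_values=True)
    supplied = params.get("signature", [""])[0]
    expected = expected_signature(params, shared_secret)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return None  # forged or altered query string
    try:
        timestamp = int(params.get("timestamp", [""])[0])
    except ValueError:
        return None
    now = time.time() if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return None  # stale request, possibly replayed
    # The value is empty when no customer is logged in on the storefront.
    return params.get("logged_in_customer_id", [""])[0] or None


def build_signed_query(params, shared_secret):
    """Constructed helper for the demo: sign a flat dict as the proxy would."""
    listed = {key: [value] for key, value in params.items()}
    signature = expected_signature(listed, shared_secret)
    return urlencode({**params, "signature": signature})


if __name__ == "__main__":
    secret = "constructed-demo-secret"  # placeholder, not a real app secret
    sample = {"shop": "example.myshopify.com", "timestamp": str(int(time.time())),
              "logged_in_customer_id": "1234567890"}  # constructed request
    print(customer_id_from_proxy_request(build_signed_query(sample, secret), secret))
```

The report lookup should use only the id this function returns, never a customer id sent by the storefront JavaScript in the request body or in an unsigned parameter.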