Hey Andy - could Multipass work for this use-case: https://shopify.dev/docs/api/multipass
Topic summary
Goal: Let any Shopify merchant authenticate to a web app via Auth0 using their Shopify credentials, not limited to a single store.
Current limitation: Auth0’s Shopify social connection only supports connecting to one store, which doesn’t meet the requirement of accepting logins from different store owners.
Explored option: Shopify Multipass was suggested. Multipass enables SSO across multiple stores owned by the same merchant, but does not allow logins from unrelated store owners.
Proposed approach: Implement a custom Auth0 social connection using Auth0’s Custom Social Connections extension.
- Use OAuth 2.0 with Shopify: redirect merchants to Shopify’s authorization URL with the app’s client ID and requested scopes.
- After authorization, Shopify returns a temporary code.
- Exchange the code for a store-specific access token via POST to Shopify.
Notes and implications:
- Access tokens are tied to the specific store and app.
- This is a workable but potentially inelegant solution; no simpler native method identified.
Status: Unresolved; seeking further suggestions for a more efficient multi-store Shopify login via Auth0.