Hello, we are building an app that needs to do some complex calculations and reporting related to Shopify customers and orders.
We have built a Shopify custom app (SA) that gets customers, products, and orders through webhooks (we could use amazon event-bridge for that as well), and now we need to add some rich set of reporting and admin features that are updating Shopify customers. The client Shopify store has a Shopify Plus license.
I see 2 options and I would like to ask for some clarifications
1. We build a reporting app (RA) as a new Shopify app (or upgrade of our existing Shopify app (SA)), so it can write back to Shopify directly. The problem is that we need to authenticate RA users using Shopify and keep them logged in if they are logged in Shopify. How to do that? In other words, how can we use Shopify as Auth and SSO provider? We want all users to be initially added through Shopify registration. In our reporting app (RA), we want to update customer tags, as a result, of the calculation.
2. Reporting app has no real user management, all the users are Shopify users and the RA endpoints are called through app proxy. The custom client code in Shopify will update Shopify customers, so no need to write back anything. The problem then is how to pass logged-in customerId to our RA and how to do that in a secure way so that another user cannot see someone else's report.
Yes, I saw this article about SAML, but thought there could be easier / cheaper way.
I am evaluating AWS Cognito since it seems much more cost-effective than Okta or Auth0, but I cannot find any document that explains how to do that.
The only way I found is through Mini Orange App.
Also, how can I test SSO that without a live real Shopify Plus store?
There is a very economical solution available which you can find here.
As I can see that you have already mentioned the miniOrange Single Sign-On Solution. I would like to share my experience with miniOrange.
I was able to integrate SSO using Okta as the Identity Provider for my Shopify Store. Just followed this guide and configured the SSO app with Okta as an Identity Provider and I was able to setup the configuration within a few minutes.
miniOrange provides an SSO solution for Shopify Non-Plus and Plus versions. They provide Shopify SSO with any capable identity providers supporting all the Standard Authentication Protocols like SAML 2.0, OAuth 2.0, OpenID, JWT, LDAP etc.
They have provided a reliable Single Sign-on (SSO) solution. Our users have never faced a sign-on problem. They also have a high level of a security policy by configuring MFA (Multi-Factor Authentication). You can check out their Single Sign On - SSO Login App available on the Shopify Appstore.