                   RKRX June 27, 2025, 3:34am 1 
 Hi Shopify Community,

 I would like to seek advice on how we can implement a Single Sign-On (SSO) solution between our Shopify store and an external website (built outside of Shopify). We are using Customer Legacy Account in Shopify.

 Specifically, we are looking to achieve the following behavior:
 When a customer logs in on our external website, they are automatically logged into our Shopify store as well without needing to log in again. 
 Vice versa, when a customer logs in via our Shopify store, the external website session is also authenticated automatically.

 In other words, we want both platforms to share the same user session, so that login from one system reflects on the other seamlessly.

 Questions:-
 What are the possible approaches to implement this?
 Does Shopify support session sharing or authentication token exchange with an external system? 
 Is there an official Shopify-supported SSO flow for Legacy/Classic Customer accounts (not staff/admin accounts)? 
 Can Shopify Legacy Customer Accounts (Classic/Legacy) support OAuth, JWT, or OpenID Connect integrations? 
 Are there any API limitations or security considerations we should be aware of?

 Additional Context:-
 We are using Customer Legacy Account in Shopify
 Our external website has its own user authentication system. 
 We are looking for the most secure, scalable, and Shopify-compliant method to synchronize logins between the two platforms. 
 Logout synchronization is also something we are considering—i.e., logging out from one platform should log out from the other.

 I researched that Multipass is an option to achieve this, but I cannot confirm whether it will achieve all the behavior listed above.

 Any advice, experiences, or suggestions from the community or Shopify staff would be greatly appreciated. Thank you very much!
 MandasaTech June 28, 2025, 6:55am 2 
 Hey @RKRX

 You’re tackling a tricky corner of Shopify that a lot of people bump into when trying to build real SSO between Shopify and an external site. Let’s break this down piece by piece:

 1. Does Shopify natively support session sharing for Customer (Legacy/Classic) accounts?
 Multipass is only available on Shopify Plus plans. 
 It only works for logging customers into Shopify from an external identity provider — not the other way around. 
 There’s no direct way to push a Shopify login session back to your external site automatically.

 2. What about OAuth, JWT, or OpenID Connect?
 Legacy Customer Accounts in Shopify don’t expose OAuth or OpenID for customer login like you’d see on modern custom apps. 
 Shopify’s OAuth is for app installations — not customer logins. 
 There’s no built-in JWT token handshake for customer sessions either.

 So you can’t just plug in an external OAuth provider and expect Shopify to handle it.

 3. Is there any workaround?

 Use Multipass to bring users from your external site INTO Shopify seamlessly (if you’re on Plus).

 But going the other way (logging into Shopify first, then passing that session back to your external site) is basically a no-go unless you build custom middle layers:
 Shopify won’t share raw session cookies or customer passwords (for obvious security reasons). 
 You’d need to build a custom app that listens for customer login events (webhooks), but you still can’t pull the customer’s password to log them in elsewhere.

 4. Is this secure & Shopify-compliant?

 5. Does logout sync work?

 Final thoughts

 If you’re on Shopify Plus — Multipass is your only legit option.

 TL;DR:
 Shopify = not a true Identity Provider. 
 You need Shopify Plus + Multipass to get halfway there. 
 Full two-way SSO is not feasible without heavy custom engineering (and it still won’t be fully supported).

 Hope this works!
 miniOrange_inc August 5, 2025, 5:24am 3 
 Hello @RKRX,

 Based on the detailed requirement, I can understand that you are looking to perform Single Sign-On (SSO) between your Shopify Store and your external site (or Identity Provider) while using Shopify’s Legacy Customer Accounts.

 I would like to confirm that this is completely possible using our miniOrange Shopify Single Sign-On solution (miniOrange Single Sign On‑SSO - Shopify Single Sign-On (SSO) - Login with Okta, Entra ID... | Shopify App Store). With this solution, once users are authenticated against their IDP credentials, they will be able to log in to the Shopify store, and a user account will be created in Shopify without having to log in separately.

 Since you mentioned that your external website has its own user authentication system, we could potentially use it as the Identity Provider (IdP), where all user identities are stored. If the external site supports standard user authentication protocols such as SAML, OAuth, or JWT, we can use one of these protocols to configure SSO between your external site and the Shopify store using legacy accounts and your existing authentication system.

 Using our SSO solution, you can also achieve session sharing between Shopify and an external site, enabling authentication token exchange across both platforms. SSO flows for Legacy/Classic Customer Accounts on Shopify Plus and non-Plus stores are fully supported using this solution. Additionally, Shopify Legacy Customer Accounts (Classic/Legacy) can be made compatible with OAuth, JWT, or OpenID Connect integrations through the same approach.

 To add more context, since you are using Shopify Legacy Customer Accounts, our SSO solution allows you to integrate those accounts with your external website as the Identity Provider (IdP), enabling users to log in to Shopify using their existing IdP credentials. This ensures a secure and seamless login experience across both platforms.

 Furthermore, we can configure Single Logout (SLO), ensuring that user sessions are terminated on both Shopify and the external website when logging out from either.

 TL;DR:
 Dotsquares August 27, 2025, 11:30am 4 
 Hi there,

 You’re essentially looking to implement true SSO between Shopify Customer Accounts (Legacy) and an external authentication system. Here are some points to help clarify:

 1. Shopify Legacy Customer Accounts
 Unfortunately, Legacy/Classic Customer Accounts don’t support modern SSO standards like OAuth, OpenID Connect, or JWT. 
 Shopify doesn’t provide a direct API to “log in” a customer from an external session — login is handled via Shopify’s native auth flow.

 2. Multipass Login (Shopify Plus only)
 Multipass is the closest official solution Shopify offers for this scenario, but it’s only available on Shopify Plus. 
 It allows you to authenticate users on your external site, then generate a secure Multipass token to log them into Shopify without entering credentials again. 
 Key note: Multipass is one-way (external → Shopify). It doesn’t automatically propagate logins or logouts back to your external site if the user signs in/out directly on Shopify. 
 Logout synchronization (Shopify → external) isn’t built in — you’d need custom handling via scripts or external API endpoints.

 3. Alternative Approaches (if not on Plus)
 Without Multipass, the most practical solution is to choose a primary identity provider (usually the external website’s auth system) and then: 
 Sync customer accounts via the Admin API (create/update customers when users sign up externally). 
 Deep-link into Shopify’s login flow if they need to access the storefront. 
 True session sharing (auto-login both ways) is not supported natively in Legacy accounts.

 4. Customer Accounts (New System)
 Shopify has been rolling out the new Customer Accounts system which is powered by Shopify’s own Identity platform and does use OpenID Connect. 
 If migrating is possible, this would give you a much more flexible and future-proof path to integrate SSO between systems.

 5. Security Considerations
 Be careful about attempting to “inject” sessions or share cookies — this would violate Shopify’s security model. 
 The only compliant path for auto-login is Multipass (Plus) or the new Customer Accounts system.
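
The one-way Multipass flow mentioned in the replies above (external site authenticates the user, then mints a token for Shopify), as an added example that is not part of the original thread or any poster's code. It follows the token layout in Shopify's Multipass documentation; the secret, the email address, the `verify_token` helper and its 15-minute window are assumptions made for the demonstration.

```ruby
require 'openssl'
require 'json'
require 'time'

# Constructed demo values; a real secret comes from the store's Multipass settings.
SAMPLE_SECRET = 'constructed-multipass-secret-for-demo'
MAX_AGE_SECONDS = 15 * 60 # assumed freshness window for this demo's verifier

# Derive two 16-byte keys from SHA-256 of the shared secret.
def multipass_keys(secret)
  material = OpenSSL::Digest.new('sha256').digest(secret)
  [material[0, 16], material[16, 16]] # [encryption key, signing key]
end

# Token = URL-safe Base64 of (IV + AES-128-CBC(JSON)) followed by its HMAC-SHA256.
def generate_token(secret, customer, now: Time.now.utc)
  enc_key, sig_key = multipass_keys(secret)
  payload = customer.merge('created_at' => now.iso8601).to_json
  cipher = OpenSSL::Cipher.new('aes-128-cbc')
  cipher.encrypt
  cipher.key = enc_key
  iv = cipher.random_iv # fresh random IV per token
  body = iv + cipher.update(payload) + cipher.final
  signed = body + OpenSSL::HMAC.digest('sha256', sig_key, body)
  [signed].pack('m0').tr('+/', '-_')
end

# Hypothetical receiving-side check (illustrative only; Shopify runs its own).
# Returns the customer hash, or nil when the MAC fails or the token is stale.
def verify_token(secret, token, now: Time.now.utc)
  enc_key, sig_key = multipass_keys(secret)
  raw = token.tr('-_', '+/').unpack1('m')
  return nil if raw.bytesize < 16 + 16 + 32 # IV + one block + MAC
  body, mac = raw[0...-32], raw[-32..]
  expected = OpenSSL::HMAC.digest('sha256', sig_key, body)
  # Compare all 32 bytes without an early exit, before any decryption.
  diff = expected.bytes.zip(mac.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }
  return nil unless diff.zero?
  decipher = OpenSSL::Cipher.new('aes-128-cbc')
  decipher.decrypt
  decipher.key = enc_key
  decipher.iv = body[0, 16]
  json = (decipher.update(body[16..]) + decipher.final).force_encoding('UTF-8')
  data = JSON.parse(json)
  age = now - Time.iso8601(data['created_at'])
  age.between?(0, MAX_AGE_SECONDS) ? data : nil
end
```

The secret has to stay on the external site's server, since anyone holding it can mint a login token for any customer email. The token only carries identity into Shopify; it does nothing for the Shopify → external direction or for logout.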
              
