---
title: Auth0
description: >-
  Configure Auth0 as a third-party identity provider for Shopify customer accounts and set up custom claims for customer data enrichment.
api_name: customer-authentication
source_url:
  html: 'https://shopify.dev/docs/api/customer-authentication/provider-guides/auth0'
  md: >-
    https://shopify.dev/docs/api/customer-authentication/provider-guides/auth0.md
---

# Auth0

This guide covers how to configure [Auth0](https://auth0.com/) as a third-party identity provider for Shopify customer accounts, including how to add custom Shopify claims to your ID tokens for [customer data enrichment](https://shopify.dev/docs/api/customer-authentication/claim-import).

***

## Prerequisites

* A [Shopify Plus](https://www.shopify.com/plus) plan with [new customer accounts](https://help.shopify.com/en/manual/customers/customer-accounts/new-customer-accounts) enabled.
* An Auth0 tenant with a [Regular Web Application](https://auth0.com/docs/get-started/applications) configured.

***

## Connect Auth0 to Shopify

To connect Auth0 as your store's identity provider, you'll add your Auth0 credentials to the Shopify admin, configure your Auth0 application to accept Shopify's callback URL, and enable refresh tokens.

### Step 1: Add your Auth0 credentials in the Shopify admin

Add your Discovery URL, Client ID, and Client Secret in the Shopify admin under **Settings** > **Customer accounts** > **Third-party identity provider**.

You can find these values in your Auth0 dashboard:

* **Discovery URL:** `https://{your-domain}.auth0.com/.well-known/openid-configuration` (found in **Applications > your app > Settings > Advanced Settings > Endpoints > OpenID Configuration**). If you use a custom domain, replace `{your-domain}.auth0.com` with your whitelabeled domain.
* **Client ID:** Found in your application's Settings tab.
* **Client Secret:** Found in your application's Settings tab.

For full setup instructions, refer to [Connect a third-party identity provider](https://help.shopify.com/en/manual/customers/customer-accounts/new-customer-accounts/identity-provider/connect).

### Step 2: Add your Shopify callback URL to Auth0

To complete the connection, add your Shopify callback URL to the **Allowed Callback URLs** field in your Auth0 application settings. You can find your Shopify callback URL in the Shopify admin on the same Third-party identity provider settings page from Step 1.

### Step 3: Add the offline\_access scope

In the Shopify admin identity provider settings, add `offline_access` to the **Additional scopes** field. Auth0 doesn't include a refresh token by default in the authorization code flow. Without this scope, customer sessions can't be refreshed and expire prematurely.

Also ensure that [refresh token rotation](https://auth0.com/docs/secure/tokens/refresh-tokens) is enabled in your Auth0 application settings.

***

## Standard claims

If your Auth0 user profiles include `given_name`, `family_name`, and `phone_number`, these claims are included in ID tokens automatically. No extra configuration is needed to import names and phone numbers into Shopify customer records.

***

## Add custom Shopify claims

To import tags and addresses, you need to add custom claims to the ID token using an [Auth0 Action](https://auth0.com/docs/customize/actions/triggers/post-login).

### Create a Post Login Action

A Post Login Action is a function that Auth0 runs after a user authenticates. You can use it to add custom Shopify claims to the ID token:

1. In the Auth0 dashboard, go to **Actions > Library** and click **Build Custom**.
2. Name the action (for example, "Add Shopify claims") and select **Login / Post Login** as the trigger.
3. Add code that reads customer data and sets custom claims on the ID token.

The following example reads tags and addresses from `event.user.app_metadata`, but you can also use `event.user.user_metadata` or call an external API within the Action:

```javascript
exports.onExecutePostLogin = async (event, api) => {
  const metadata = event.user.app_metadata;

  // Tags: comma-separated string from app_metadata
  if (metadata.shopify_tags) {
    api.idToken.setCustomClaim(
      "urn:shopify:customer:tags",
      metadata.shopify_tags // e.g. "vip, loyalty-gold"
    );
  }

  // Addresses: array of address objects from app_metadata
  if (metadata.shopify_addresses) {
    api.idToken.setCustomClaim(
      "urn:shopify:customer:addresses",
      metadata.shopify_addresses
      // Expected format: [{ "address1": "123 Main St", "city": "Toronto",
      //   "province_code": "ON", "country_code": "CA", "zip": "M5V 2H1",
      //   "first_name": "Jane", "last_name": "Doe", "default": true }]
    );
  }
};
```

For the full address field format, refer to the [claim import reference](https://shopify.dev/docs/api/customer-authentication/claim-import#addresses).

4. Click **Deploy** to save the Action.
5. Go to **Actions > Flows > Login**, drag your Action into the flow, and click **Apply**.

**Note:** Auth0 Rules and Hooks are deprecated (EOL November 2026). Use Actions for all new custom claim configurations.

For the full list of supported claims and address field formats, refer to the [claim import reference](https://shopify.dev/docs/api/customer-authentication/claim-import).

***

## Enable enrichment in Shopify

After configuring your identity provider to include custom claims, you need to tell Shopify to read and import them. In the Shopify admin under your identity provider settings, enable **Sync customer data** and configure the update trigger and overwrite rules.

For details on these options, refer to [claim import configuration](https://shopify.dev/docs/api/customer-authentication/claim-import#configuration).

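
The Post Login Action shown earlier copies `app_metadata` values into claims unchanged, so whatever is stored there is what Shopify imports once **Sync customer data** is enabled. The variant below, an added example rather than Shopify's or Auth0's code, type-checks and filters those values first; the address field allowlist is taken from the sample comment in the original Action, and the helper names and `MAX_TAGS`/`MAX_ADDRESSES` caps are assumptions.

```javascript
// Added example: Post Login Action that validates app_metadata before emitting claims.
// Helper names and the MAX_* caps are assumptions, not documented Shopify or Auth0 limits.
const TAGS_CLAIM = "urn:shopify:customer:tags";
const ADDRESSES_CLAIM = "urn:shopify:customer:addresses";
const ADDRESS_FIELDS = ["address1", "city", "province_code", "country_code",
  "zip", "first_name", "last_name"]; // fields from the page's sample address
const MAX_TAGS = 50;      // assumed cap
const MAX_ADDRESSES = 10; // assumed cap

// Returns a trimmed, de-duplicated, comma-separated tag string, or null if unusable.
function cleanTags(raw) {
  if (typeof raw !== "string") return null;
  const tags = raw.split(",").map((t) => t.trim()).filter((t) => t.length > 0);
  const unique = [...new Set(tags)].slice(0, MAX_TAGS);
  return unique.length > 0 ? unique.join(", ") : null;
}

// Keeps only allowlisted string fields plus a boolean "default"; drops malformed entries.
function cleanAddresses(raw) {
  if (!Array.isArray(raw)) return null;
  const cleaned = [];
  for (const entry of raw.slice(0, MAX_ADDRESSES)) {
    if (entry === null || typeof entry !== "object" || Array.isArray(entry)) continue;
    const address = {};
    for (const field of ADDRESS_FIELDS) {
      if (typeof entry[field] === "string" && entry[field].trim() !== "") {
        address[field] = entry[field].trim();
      }
    }
    const hasField = Object.keys(address).length > 0;
    if (typeof entry.default === "boolean") address.default = entry.default;
    if (hasField) cleaned.push(address);
  }
  return cleaned.length > 0 ? cleaned : null;
}

// Same trigger signature as the page's Action; a claim is set only when it validates.
const onExecutePostLogin = async (event, api) => {
  const metadata = event.user.app_metadata || {};
  const tags = cleanTags(metadata.shopify_tags);
  if (tags) api.idToken.setCustomClaim(TAGS_CLAIM, tags);
  const addresses = cleanAddresses(metadata.shopify_addresses);
  if (addresses) api.idToken.setCustomClaim(ADDRESSES_CLAIM, addresses);
};

// Auth0 loads Actions as CommonJS modules; the guard lets the file also run elsewhere.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

If you switch the source to `event.user.user_metadata`, the same checks matter more, because Auth0 treats `user_metadata` as data a user may be allowed to edit, while `app_metadata` is not user-editable.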
***

## Verify

After enabling enrichment, verify that Shopify correctly imports customer data from your Auth0 ID tokens:

1. Authenticate on your store through Auth0.
2. In the Shopify admin, go to **Customers** and open the customer record.
3. Confirm that name, phone, tags, and addresses are populated from the ID token claims.

***

## Troubleshooting

| Symptom | Cause | Fix |
| - | - | - |
| Session expires and customer can't refresh | Missing `offline_access` scope | Add `offline_access` to Additional scopes in the Shopify admin identity provider settings |
| Custom claims not appearing on customer record | Action not deployed or not in the Login flow | In Auth0, verify the Action is deployed and added to the Login flow under Actions > Flows > Login |
| Login fails with "email not verified" error | `email_verified` claim is missing or `false` | Ensure your Auth0 email verification flow is configured and the user has verified their email |
| Standard claims (name, phone) not imported | User profile fields are empty in Auth0 | Populate `given_name`, `family_name`, and `phone_number` in the Auth0 user profile |

***

## Resources

* [Auth0: Adding custom claims to ID tokens with Actions](https://auth0.com/blog/adding-custom-claims-to-id-token-with-auth0-actions/)
* [Auth0: Post-login Action trigger](https://auth0.com/docs/customize/actions/triggers/post-login)
* [Auth0: Applications setup](https://auth0.com/docs/get-started/applications)
* [Auth0: Refresh tokens](https://auth0.com/docs/secure/tokens/refresh-tokens)
* [Shopify: Claim import reference](https://shopify.dev/docs/api/customer-authentication/claim-import)

***