Auth0

This guide covers how to configure Auth0 as a third-party identity provider for Shopify customer accounts, including how to add custom Shopify claims to your ID tokens for customer data enrichment.

Anchor to PrerequisitesPrerequisites

A Shopify Plus plan with new customer accounts enabled.
An Auth0 tenant with a Regular Web Application configured.

Anchor to Connect Auth0 to ShopifyConnect Auth0 to Shopify

To connect Auth0 as your store's identity provider, you'll add your Auth0 credentials to the Shopify admin, configure your Auth0 application to accept Shopify's callback URL, and enable refresh tokens.

Anchor to Step 1: Add your Auth0 credentials in the Shopify adminStep 1: Add your Auth0 credentials in the Shopify admin

Add your Discovery URL, Client ID, and Client Secret in the Shopify admin under Settings > Customer accounts > Third-party identity provider.

You can find these values in your Auth0 dashboard:

Discovery URL: https://{your-domain}.auth0.com/.well-known/openid-configuration (found in Applications > your app > Settings > Advanced Settings > Endpoints > OpenID Configuration). If you use a custom domain, replace with your whitelabeled domain.
Client ID: Found in your application's Settings tab.
Client Secret: Found in your application's Settings tab.

For full setup instructions, refer to Connect a third-party identity provider.

Anchor to Step 2: Add your Shopify callback URL to Auth0Step 2: Add your Shopify callback URL to Auth0

To complete the connection, add your Shopify callback URL to the Allowed Callback URLs field in your Auth0 application settings.

You can find your Shopify callback URL in the Shopify admin on the same Third-party identity provider settings page from Step 1.

Anchor to Step 3: Add the offline_access scopeStep 3: Add the offline_access scope

In the Shopify admin identity provider settings, add offline_access to the Additional scopes field. Auth0 doesn't include a refresh token by default in the authorization code flow. Without this scope, customer sessions can't be refreshed and expire prematurely.

Also ensure that refresh token rotation is enabled in your Auth0 application settings.

Anchor to Standard claimsStandard claims

If your Auth0 user profiles include given_name, family_name, and phone_number, these claims are included in ID tokens automatically. No extra configuration is needed to import names and phone numbers into Shopify customer records.

Anchor to Add custom Shopify claimsAdd custom Shopify claims

To import tags and addresses, you need to add custom claims to the ID token using an Auth0 Action.

Anchor to Create a Post Login ActionCreate a Post Login Action

A Post Login Action is a function that Auth0 runs after a user authenticates. You can use it to add custom Shopify claims to the ID token:

In the Auth0 dashboard, go to Actions > Library and click Build Custom.
Name the action (for example, "Add Shopify claims") and select Login / Post Login as the trigger.
Add code that reads customer data and sets custom claims on the ID token. The following example reads tags and addresses from event.user.app_metadata, but you can also use event.user.user_metadata or call an external API within the Action:

exports.onExecutePostLogin = async (event, api) => {

const metadata = event.user.app_metadata;

// Tags: comma-separated string from app_metadata

if (metadata.shopify_tags) {

api.idToken.setCustomClaim(

"urn:shopify:customer:tags",

metadata.shopify_tags // e.g. "vip, loyalty-gold"

);

}

// Addresses: array of address objects from app_metadata

if (metadata.shopify_addresses) {

api.idToken.setCustomClaim(

"urn:shopify:customer:addresses",

metadata.shopify_addresses

// Expected format: [{ "address1": "123 Main St", "city": "Toronto",

// "province_code": "ON", "country_code": "CA", "zip": "M5V 2H1",

// "first_name": "Jane", "last_name": "Doe", "default": true }]

);

}

};

For the full address field format, refer to the claim import reference.

Click Deploy to save the Action.
Go to Actions > Flows > Login, drag your Action into the flow, and click Apply.

Note

Auth0 Rules and Hooks are deprecated (EOL November 2026). Use Actions for all new custom claim configurations.

For the full list of supported claims and address field formats, refer to the claim import reference.

Anchor to Enable enrichment in ShopifyEnable enrichment in Shopify

After configuring your identity provider to include custom claims, you need to tell Shopify to read and import them. In the Shopify admin under your identity provider settings, enable Sync customer data and configure the update trigger and overwrite rules. For details on these options, refer to claim import configuration.

Anchor to VerifyVerify

After enabling enrichment, verify that Shopify correctly imports customer data from your Auth0 ID tokens:

Authenticate on your store through Auth0.
In the Shopify admin, go to Customers and open the customer record.
Confirm that name, phone, tags, and addresses are populated from the ID token claims.

Anchor to TroubleshootingTroubleshooting

Symptom	Cause	Fix
Session expires and customer can't refresh	Missing `offline_access` scope	Add `offline_access` to Additional scopes in the Shopify admin identity provider settings
Custom claims not appearing on customer record	Action not deployed or not in the Login flow	In Auth0, verify the Action is deployed and added to the Login flow under Actions > Flows > Login
Login fails with "email not verified" error	`email_verified` claim is missing or `false`	Ensure your Auth0 email verification flow is configured and the user has verified their email
Standard claims (name, phone) not imported	User profile fields are empty in Auth0	Populate `given_name`, `family_name`, and `phone_number` in the Auth0 user profile

Anchor to ResourcesResources

Was this page helpful?