Skip to main contentArrow Right
BlogArrow Left

Add Auth to Your Shopify Plus Storefront With Descope

Developers
Anvi Headshot

Developer Relations Engineer

Share on:

Table of Contents

Shopify Plus empowers fast-growing brands with the digital infrastructure to scale quickly, offering powerful tools for store management, seamless checkout, and extensive customization. Its flexibility and extensibility make it a popular choice for all sizes of organization, including notable brands like Nestlé, Hasbro, and The Economist.

However, while Shopify excels at creating eye-catching storefronts and streamlining ecommerce ops, its limited authentication options force merchants into a difficult choice: accept higher cart abandonment from friction-heavy logins, or risk account takeovers from weaker security measures. By default, Shopify relies on simple email-password logins with limited support for modern features like passwordless login, multi-factor authentication (MFA), and enterprise SSO. 

Descope removes these limitations by connecting with Shopify Plus as an OIDC provider, offering a drag & drop, no-code solution to boost authentication security, user experience, and conversions. With Descope, you can reduce friction for users while simultaneously improving security, regaining lost business from drop-offs along the way.

Why Descope for Shopify Plus

Shopify’s built-in authentication system relies on basic, password-based authentication—a high-friction method vulnerable to credential stuffing attacks. These constraints directly impact your bottom line through:

  • Higher cart abandonment: 42% of consumers said they’d abandoned a purchase because of a forgotten password.

  • Increased fraud risk: Passwords are inherently vulnerable, and with 78% of people reusing credentials on at least one account, much of the risk is out of your control.

  • Lost revenue: Customers who abandon their carts from auth friction don’t convert. Similarly, forcing customers to create accounts can lead to drop-offs.

  • Limited cross-selling: Fragmented customer identity means more friction moving between multiple storefronts or sub-brands—and fewer cross-selling opportunities.

Descope addresses these challenges by replacing Shopify’s basic authentication with modern, secure, and lower-friction options offering tangible benefits: reduced cart abandonment, increased retention, and better protection against fraudulent transactions. With Descope as an OIDC provider, all of these can empower your business without forcing you to leave the strong ecommerce framework that Shopify offers.

Setting up Descope as an OIDC provider

To enhance authentication on your Shopify Plus storefront, you can configure Descope as an OpenID Connect (OIDC) provider. This setup allows Shopify to delegate authentication to Descope, enabling features like passwordless login, social sign-ins, and multi-factor authentication (MFA) without disrupting the user experience. In this section, we’ll walk through the steps to integrate Descope with Shopify Plus, ensuring a secure and smooth login process for your customers.

For a fully native experience, we recommend creating a new page on your Shopify store, and adding the Descope flow component to it. You will later configure this page to be your “Flow Hosting URL,” so when a user logs in, the OIDC process will take them to this page. 

Make sure not to link directly to this page anywhere on your store, as the authentication flow will only work when initiated using OIDC, and not when accessed directly.

First, create a new page in Shopify, and add custom liquid to the part of the page where you would like to put your authentication flow.

Fig: Creating a new page in Shopify
Fig: Creating a new page in Shopify

Then, in the custom liquid code field, add the following, making sure to replace <YOUR-PROJECT-ID> with your Descope Project ID, and <YOUR-FLOW-ID> with the ID of the Descope authentication flow you want to run: 

<!DOCTYPE html>
<html>
  <head>
	<script src="https://descopecdn.com/npm/@descope/web-component@3.21.0/dist/index.js"></script>
	<script src="https://descopecdn.com/npm/@descope/web-js-sdk@1.16.0/dist/index.umd.js"></script>
  </head>
 
  <body>
    <p id="container"></p>
 
	<script>
		const sdk = Descope({ projectId: '<YOUR-PROJECT-ID>', baseUrl: 'https://api.descope.com', persistTokens: true, autoRefresh: true });
 
		const sessionToken = sdk.getSessionToken()
		var notValidToken
		if (sessionToken) {
			notValidToken = sdk.isJwtExpired(sessionToken)
		}
		if (!sessionToken || notValidToken) {
			var container = document.getElementById('container');
			container.innerHTML = '<descope-wc project-id="<YOUR-PROJECT-ID>" base-url="https://api.descope.com" flow-id="<YOUR-FLOW-ID>"></descope-wc>';
			const wcElement = document.getElementsByTagName("descope-wc")[0];
 
			const onSuccess = (e) => {
				// You need to refresh the token here for auto refresh to work.
				sdk.refresh();
			};
 
			const onError = (err) => {
				// Print any errors to the console
				console.log(err);
			};
 
			// Add event listeners for onSuccess and onError
            wcElement.addEventListener('success', onSuccess)
            wcElement.addEventListener('error', onError)
		}
	</script>
  </body>
</html>

Adding the above code snippet should result in a page that resembles the image below.

Fig: After adding custom liquid
Fig: After adding custom liquid

Now that we have a place to host the flow, we’ll create an OIDC Application in Descope. Navigate to the Federated Apps tab of your Descope Console, and select +App. Select “Shopify”, and click Create.

Fig: Creating an application
Fig: Creating an application

Now, under the Advanced tab, set the “Flow Hosting URL” to be the URL for the Shopify page you added the Descope flow component to.

You will use the configuration details from this new Shopify OIDC Application when setting up Descope as your Identity Provider in the Shopify console.

Next, create an access key on the M2M Page of the Descope Console. After generating the key, make sure to save its value to be used in the next step.

Fig: Generating an access key
Fig: Generating an access key

Now, let’s add Descope as the Identity Provider to your Shopify store. Within Shopify, navigate to Customer Accounts > Identity Provider > Manage. If you don’t see this option, make sure you have a Shopify Plus account, and that Multipass is enabled if you are using Legacy customer accounts.

Select Connect to provider, and name the provider “Descope”.

Now, enter the following fields into the application info configuration:

  • Well-known or discovery endpoint URL: This is the Discovery URL from the Descope Shopify Application 

  • Client ID: Descope Project ID

  • Client Secret: The Access Key you just created 

  • Additional scopes: add profile

  • Post-logout redirect URI parameter name: `post_logout_redirect_uri`

Fig: Filling out the application info configuration
Fig: Filling out the application info configuration

After entering the Descope configuration details, Shopify allows you to test the configuration before activating Descope as the Identity Provider. You’ll be able to experience the login flow as your users will on your site.

Fig: Testing the connection
Fig: Testing the connection

Use case: magic link and passkeys

A seamless authentication experience can improve conversion rates and user satisfaction. With Descope, you can allow customers to log in using a passwordless magic links or passkeys.

To do so, we will create a Descope flow with both magic link and passkey authentication methods, and change our OIDC application’s flow hosting URL to point to our new flow.

Let’s start out with a template from our flow library. Select the "Sign Up Or In - Biometrics/Magic Link" option.

Fig: Selecting the flow template
Fig: Selecting the flow template

The "Create Flow" dialogue will appear. Hit Create to continue.

Fig: Creating the flow
Fig: Creating the flow

Now, after creating the flow, we can change the the Flow ID in the custom liquid on our login page to “sign-up-or-in-biometrics-magic-link ”

When we go back to our storefront’s login, we will be directed to our new magic link and passkeys login flow instead.

Use case: A/B testing

Customer preferences and needs change rapidly, and it can be difficult to keep up with what actually resonates with your users. Experiment with your authentication and user journey flows using A/B testing to determine which authentication journeys truly work best for your users.

Fig: Creating an A/B testing flow
Fig: Creating an A/B testing flow

To set up A/B testing in your flow, first create a condition with an A/B testing key. This will send half of your users to a screen with magic link as the primary authentication method, and half to a screen with passkeys as the primary authentication method.

Fig: The A/B testing flow
Fig: The A/B testing flow

You can then leverage Descope’s flow analytics dashboard to see which method results in a higher user conversion rate, or the user activity dashboard to see conversion by authentication method, and adjust your flows accordingly.

Fig: Descope flow analytics dashboard
Fig: Descope flow analytics dashboard

Use case: unified auth for multiple sites

If you have both a main website and a Shopify store on the same domain, maintaining a unified authentication system ensures a smooth user experience. Descope can act as a centralized identity provider across both platforms. You can configure your Descope project to make the refresh token available across the subdomains for both your website and store.

When a user logs into either your main website or Shopify store, a refresh token is stored on the main domain. Then, when the user clicks the login button on the second website, they will be automatically signed in.

Omnichannel flows with Descope
Fig: Omnichannel user journeys

To do so, simply set up Descope authentication for your main website using our flows or SDKs. Because you’ve already set up Shopify to use the same Descope project as the OIDC provider, users will be able to authenticate seamlessly across both platforms.

Improving auth for more conversions on Shopify Plus

Using Descope for your Shopify storefront authentication allows you to improve both security and user experience without compromising convenience. By integrating Descope as an OIDC provider, you can go beyond Shopify’s basic authentication system to improve conversions and reduce drop-offs.

The Descope Shopify Plus integration provides:

  • Improved conversion rates: High-security but low-friction auth tools usher customers through your digital turnstile without feeling pushy or unsafe.

  • Enhanced security: While improving the user experience, raise the bar on security with state-of-the-art passkeys, which leverage device biometrics and prevent phishing

  • Unified identity management: Build from a visual, workflow-based interface that can tackle complex auth challenges. Updates are real-time, eliminating the need to revisit your code base.

  • Detailed analytics: Draw from deep auth data to pinpoint drop-offs, leveraging flow A/B testing to determine which login methods or paths maximize conversions.

Whether you’re implementing modern methods like social login or unifying the auth experience across your main website and shop, Descope’s integration with Shopify Plus ensures a friendlier, safer journey that drives both security and sales for your ecommerce digital properties.

To get started with Descope, sign up for a free account or book a demo with our engineers to learn more.

Liked what you saw?

Check out these posts next

Descope WordPress Plugin: Secure Auth, MFA, SSO & More

Read more

Add Auth to Salesforce Commerce Cloud With Descope

Read more

Add Authentication to WooCommerce With Descope

Read more

Descope WordPress Plugin: Secure Auth, MFA, SSO & More

Read more

Add Auth to Salesforce Commerce Cloud With Descope

Read more

Add Authentication to WooCommerce With Descope

Read more
Chat with Sales

Anonymously - no Slack account required

Users Love Us BadgeLeave a Descope review

All systems operational

Copyright © Descope Inc. All rights reserved.