OIDC connect with Shopify
โ๏ธConfiguration๐ฌSelf-hosted๐ก๏ธAuthorizationโQuestion๐OIDC
I'm trying to integrate ZITADEL with Shopify Customer Accounts (OIDC) and I'm running into an "Access token request error" after login.
Setup:
ZITADEL self-hosted
OAuth endpoints resolve correctly
Discovery document works
Login flow works and users can authenticate successfully.
Flow:
Shopify redirects user to ZITADEL authorize endpoint
User logs in successfully
ZITADEL redirects back with authorization code
Shopify attempts token exchange
Shopify returns: "Access token request error"
openid email customer-account-api:full profile
ZITADEL login logs show successful authentication:
completeFlowOrGetUrl: got OIDC/SAML flow result
Session is valid: true
Password auth: OIDC/SAML flow with requestId
So authentication succeeds, but the token exchange step fails.
Questions:
Are there specific OIDC settings required in ZITADEL for Shopify Customer Accounts?
BTW I connected with Shopify and they said that
Does ZITADEL support the customer-account-api:full scope format expected by Shopify?
Is client_secret_post required for the token endpoint with Shopify?
If anyone has successfully integrated ZITADEL with Shopify Customer Accounts, Iโd really appreciate guidance
Setup:
ZITADEL self-hosted
OAuth endpoints resolve correctly
Discovery document works
Login flow works and users can authenticate successfully.
Flow:
Shopify redirects user to ZITADEL authorize endpoint
User logs in successfully
ZITADEL redirects back with authorization code
Shopify attempts token exchange
Shopify returns: "Access token request error"openid email customer-account-api:full profile
ZITADEL login logs show successful authentication:
completeFlowOrGetUrl: got OIDC/SAML flow result
Session is valid: true
Password auth: OIDC/SAML flow with requestId
So authentication succeeds, but the token exchange step fails.
Questions:
Are there specific OIDC settings required in ZITADEL for Shopify Customer Accounts?
BTW I connected with Shopify and they said that
email_verifiedemail_verified claim is missing.Does ZITADEL support the customer-account-api:full scope format expected by Shopify?
Is client_secret_post required for the token endpoint with Shopify?
If anyone has successfully integrated ZITADEL with Shopify Customer Accounts, Iโd really appreciate guidance
