Antirius Auth Cloud for Shopify

Antirius Auth Cloud for Shopify

Customer login via Telegram, WhatsApp, MAX. Phone-only customer matching; hosted app backend + theme extension ZIP.

Download theme extension ZIP
Version 1.0.0

Shopify store, Partners app, Shopify Plus for Multipass auto-login

What the integration includes

  • Hosted Node.js app: Shopify OAuth, uninstall webhook, JWT session exchange.
  • Theme App Extension block replaces the storefront login UI with the Auth Cloud widget.
  • App Proxy: /apps/antirius/* on the shop domain → your backend /proxy/* (signed requests).
  • Finds or creates customers by phone only via Admin API.
  • Multipass redirect when multipass_secret is saved in /settings.
  • Standard Shopify login fallback link on the widget screen (opt-out in settings).
  • JWT (RS256) via JWKS; app_id must match your Application ID.

Before installation

1. Sign in to the Auth Cloud cabinet and create an application.

2. Connect at least one messenger bot.

3. Add your storefront origin (https://your-store.myshopify.com) to allowed domains.

4. Copy the application _id — paste it in the Shopify app settings.

5. Create a custom app in Shopify Partners and note API key/secret.

Deploy the backend app

1. Run the Shopify backend image with PUBLIC_URL and SHOPIFY_API_* (see package README). Auth Cloud URL comes from PUBLIC_BASE_URL on the id server.

2. In Partners: App URL → {PUBLIC_URL}/, redirect → {PUBLIC_URL}/auth/callback (embedded app).

3. Webhook app/uninstalled → POST {PUBLIC_URL}/webhooks/app/uninstalled.

4. App Proxy: prefix apps, subpath antirius, proxy URL {PUBLIC_URL}/proxy.

5. Install on a store: open {PUBLIC_URL}/auth?shop=store.myshopify.com.

6. After OAuth: Shopify admin → Apps → Antirius Auth Cloud — paste Application ID from id.antirius.com cabinet.

Configuration

1. On id.antirius.com: only PUBLIC_BASE_URL in `.env` — compose passes it to the Shopify backend and shows it in the embedded app settings (no separate variable).

2. Per store in Shopify app: Application ID only. Bots, allowed domains, message API — in Auth Cloud cabinet for that application.

3. Verify App Proxy: GET https://store.myshopify.com/apps/antirius/widget-config?shop=store.myshopify.com returns JSON.

Settings reference

SettingDescription
Application IDOnly required field in Shopify app — _id from id.antirius.com cabinet (per store).
PUBLIC_BASE_URLIn install/cloud `.env` (e.g. https://id.antirius.com). Used for Auth Cloud cabinet, widget.js, JWKS — shown read-only in Shopify app settings; merchants only enter Application ID.
Multipass secretOptional (Shopify Plus) — collapsed section in app settings.
App Proxyprefix apps, subpath antirius → /proxy/widget-config and /proxy/callback.

How it works

1. Customer opens login page → theme block loads widget via App Proxy config.

2. Customer confirms in messenger; browser POSTs session_id to /apps/antirius/callback.

3. Backend fetches session, verifies JWT (RS256), finds customer by phone or creates one.

4. With Multipass: redirect to signed login URL; otherwise message to use standard login.

Standard Shopify login

Link on the widget screen by default, or open directly:

https://your-store.myshopify.com/account/login?abc_bypass=1

Hide only the on-screen link in /settings; the URL above still works.

Security

JWT verified via JWKS (RS256); app_id in token must match Application ID. App Proxy requests verified with HMAC signature. No Auth Cloud secrets stored in the theme.

Requirements

  • Shopify Partners app with read/write customers scope.
  • Outbound HTTPS from app server to Auth Cloud Base URL.
  • Storefront origin in application allowed domains.
  • Shopify Plus + Multipass for passwordless auto-login.

Documentation

Theme extension

1. Download antirius-auth-cloud-shopify-theme.zip (button above).

2. Unpack auth-bots-login into extensions/ of your Shopify app repo.

3. Run shopify app deploy (Shopify CLI 3.x).

4. In the theme editor, add the “Auth Bots Login” block to the customer login template.