Hi All,
I’m currently testing Shopify’s OIDC functionality, with Salesforce as the identity provider (IdP) and Shopify as the service provider (SP).
The flow proceeds as expected up to the authorization step:
Shopify successfully calls the Salesforce authorization endpoint, the end user logs in and grants access, and Salesforce then redirects back to the specified callback URL with the code and state parameters.
However, Shopify responds with a 401 Unauthorized error at this point, and the logs contain the message:
Something went wrong: Access token request error
This seems misleading, since (to my understanding) Shopify should not be requesting an access token at this callback stage—only the authorization code is involved here.
I’ve double-checked the configurations on both the IdP and SP sides, and everything appears to be in order. Btw, I’ve reached out to support, but did not receive any useful information.
Has anyone encountered a similar issue, or could suggest what might be causing this unauthorized response?
Thanks in advance for your help!
Request
GET https://{mydomain}.my.salesforce.com/services/oauth2/authorize?scope=openid+email&client_id={clientId}&response_type=code&redirect_uri=https://shopify.com/authentication/{mystore}/login/external/callback&state=01JXVAWTN32D9ZS8X9YCC48SBB&nonce=57826e03-ca27-45d3-9649-6697db6d4ece&prompt
→ Response 302 Found
Request
GET https://shopify.com/authentication/{mystore}/login/external/callback?code={HereIsACode}&state=01JXVAWTN32D9ZS8X9YCC48SBB
→ Response 401 Unauthorized
Here are some config screenshots:
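For reference on the callback step traced above, this added example (not part of the original post, and not Shopify's or Salesforce's code) shows the checks and the back-channel token request that an OpenID Connect relying party performs when the browser arrives at the callback with `code` and `state` (OIDC Core 3.1.3). The host, store, client ID, code and secret are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values modelled on the two requests in the post.
CALLBACK = "https://shopify.com/authentication/STORE/login/external/callback"
AUTH_URL = ("https://example.my.salesforce.com/services/oauth2/authorize"
            "?scope=openid+email&client_id=CLIENT_ID_PLACEHOLDER&response_type=code"
            f"&redirect_uri={CALLBACK}&state=01JXVAWTN32D9ZS8X9YCC48SBB"
            "&nonce=57826e03-ca27-45d3-9649-6697db6d4ece")
CALLBACK_URL = f"{CALLBACK}?code=CODE_PLACEHOLDER&state=01JXVAWTN32D9ZS8X9YCC48SBB"
# Salesforce's token path on the same constructed host.
TOKEN_ENDPOINT = "https://example.my.salesforce.com/services/oauth2/token"


def _params(url):
    """Return (URL without its query string, {name: first value})."""
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return f"{parts.scheme}://{parts.netloc}{parts.path}", query


def check_callback(auth_url, callback_url):
    """Checks a relying party makes on the callback before redeeming the code."""
    _, sent = _params(auth_url)
    landed_on, got = _params(callback_url)
    return {
        "idp_returned_error": "error" in got,
        "code_present": bool(got.get("code")),
        "state_matches": "state" in got and got["state"] == sent.get("state"),
        "redirect_uri_matches": landed_on == sent.get("redirect_uri"),
    }


def build_token_request(auth_url, callback_url, token_endpoint, client_secret):
    """Form body of the back-channel POST that exchanges the code for tokens."""
    _, sent = _params(auth_url)
    _, got = _params(callback_url)
    body = {
        "grant_type": "authorization_code",
        "code": got["code"],
        "redirect_uri": sent["redirect_uri"],  # must equal the value sent to /authorize
        "client_id": sent["client_id"],
        "client_secret": client_secret,  # client_secret_post; HTTP Basic is the alternative
    }
    return token_endpoint, urlencode(body)


if __name__ == "__main__":
    print(check_callback(AUTH_URL, CALLBACK_URL))
    print(build_token_request(AUTH_URL, CALLBACK_URL, TOKEN_ENDPOINT, "SECRET_PLACEHOLDER"))
```

The relying party sends this POST while it is handling the callback request, so a rejection at the token endpoint (client credentials not accepted, a `redirect_uri` that differs from the authorize request, an expired or already used code) is reported to the browser on the callback URL.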