Custom IdP: "Discovery document request error"

Authentication & Access
,
1

Hi everyone,

We are currently setting up a custom IdP for Shopify Customer Accounts but are consistently encountering the following error:

“Discovery document request error.” (See attached screenshot and Request ID below)

Request ID: 847d0dc3-0c07-4891-900d-9443756abdcb-1777982938

image
image445×359 13.6 KB

Technical Details:

  • Hosting: The IdP is hosted on an Azure server in the EU region.

  • Performance: The average response time for the .well-known/openid-configuration endpoint is consistently < 0.1 seconds.

  • External Validation: We have successfully tested and simulated the entire authentication flow using Postman. The configuration is reachable and valid outside of the Shopify environment.

Current Discovery Configuration (snippet):

  "issuer": "https://IDP.com/",
  "authorization_endpoint": "https://IDP.com/connect/authorize",
  "token_endpoint": "https://IDP.com/connect/token",
  "introspection_endpoint": "https://IDP.com/connect/introspect",
  "end_session_endpoint": "https://IDP.com/connect/endsession",
  "userinfo_endpoint": "https://IDP.com/connect/userinfo",
  "jwks_uri": "https://IDP.com/.well-known/jwks",
  "grant_types_supported": [
    "authorization_code",
    "refresh_token",
    "client_credentials"
  ],
  "response_types_supported": [
    "code"
  ],
  "scopes_supported": [
    "openid",
    "offline_access",
    "email",
    "profile",
    "roles"
  ],
  "claims_supported": [
    "aud",
    "exp",
    "iat",
    "iss",
    "sub"
  ]

Could you please clarify if there is anything missing or incorrect in our configuration that might trigger this error, or provide more detailed information on why this specific Request ID failed?

Thanks in advance for your help!

Best regards

2

Hey, I understand how frustrating this can be, I would love to help you with this issue. Let’s jump on a quick call chat so we can disscuse more on it. I look forward to hearing from you.

3

Hey @HS_Web, I checked the request ID, and Shopify did reach the IdP discovery endpoint. Timing looked healthy, and the discovery fetch returned HTTP 200.

Shopify failed when parsing the response body. It started with <!DOCTYPE, which means Shopify received HTML where the OIDC discovery response should be JSON.

That usually means something around the IdP is serving an HTML page to Shopify, such as a WAF or proxy page, bot challenge, redirect target, login page, or rewritten response. I would check the exact discovery URL configured in Shopify and confirm it returns JSON when Shopify requests it, with no redirect or HTML response.

4

Hey @Donal-Shopify,

Thank you for checking the request ID! That was exactly the hint we needed.

It turns out that while swapping URLs during testing, we accidentally left only the Issuer URL in the configuration. Shopify was therefore hitting our HTML landing page instead of the JSON endpoint.

We’ve corrected the URL and the IdP is now successfully connected. Thanks again for the support!

Best regards