How To
ForgeRock Identity Cloud
Integrations

How do I integrate Identity Cloud with Shopify using the Remote Connector Server (RCS) and a scripted REST Connector?

Last updated Mar 3, 2022

The purpose of this article is to provide information on integrating ForgeRock Identity Cloud with Shopify® to synchronize customer accounts.

Overview

This article provides information on integrating Identity Cloud with Shopify to synchronize customer accounts. To do this you will need to set up a Remote Connector Server (RCS) and configure a scripted REST Connector for Shopify.

Steps involved:

  1. Set up the Remote Connector Server (RCS)
  2. Configure a Scripted REST Connector
  3. Create a Shopify app
  4. Link the scripted REST Connector to the Shopify customer API
  5. Configure mappings to sync between Identity Cloud and Shopify

Prerequisites

Setting up the Remote Connector Server (RCS)

You'll need to install the Java® Remote Connector Server (RCS) which is required for Identity Cloud to connect remotely to any supported identity resource server via a connector. See About Identity Cloud Connectors for further information.

Install and configure the RCS

Install the RCS by following steps 1 through 3 in Sync Identities:

  1. Register a remote server
  2. Download and configure the remote server
  3. Configure the remote server to connect to Identity Cloud

Once you've completed these steps, verify that the RCS server is connected: 

  • In the Identity Cloud Admin UI, navigate to Identities > Connect and check RCS server status is ‘Connected'.

Add the Shopify Groovy scripts to the RCS

Caution

The scripts provided here are sufficient for demo purposes and should not be used for production without additional development. For example, the SearchScript.groovy script supports only very limited search queries, and there is currently no support for pagination which would be required for large datasets.

The scripted REST Connector uses Groovy scripts to implement actions on a remote data source. 

  1. Download the tools.zip file: tools.zip (18 kB)
  2. Move the tools.zip file to the root directory of your RCS and extract the zip.

A tools folder is created containing the required Shopify Groovy script files.

Configuring a Scripted REST Connector

You'll configure the Scripted REST Connector using REST calls, as outlined in Create a connector configuration over REST

Before you begin 

  1. Get an access token for making REST calls.
  2. Set an environment variable with your access token value, for example: export TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkNWE4NDVjMy03MjFh LTQzN2QtYjIyZi04ZjNlNzUyNDExNWIiLCJjdHMiOiJPQVVUSDJfR1JBTlRfU0VUIiwiYXV0aF9sZXZ lbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiYjU4M2Q2NGUtM2VlYi00M2Y5LWI5ZTctZDM4MDI4MDQyYW JmLTY0MyIsImlzcyI6Imh0dHBzOi8vb3BlbmFtLWNhcmlhZ2EtMDUuZm9yZ2VibG9ja3MuY29tL2FtL"

Configure the Scripted REST Connector

  1. Run the following command to list the available connectors, replacing <tenant-name> with the name of your Identity Cloud tenant. $ curl \ --request POST 'https://<tenant-name>.forgeblocks.com/openidm/system?_action=availableConnectors' \ --header 'authorization: Bearer '"$TOKEN" \ --header 'Accept-API-Version: resource=1.0'

Your connector server returns a list of available connectors. This list includes details of the Scripted Rest Connector, similar to the example below, which you'll use in the next steps.{      "connectorHostRef": "rcs",       "displayName": "Scripted REST Connector",       "bundleVersion": "1.5.20.0",       "systemType": "provisioner.openicf",       "bundleName": "org.forgerock.openicf.connectors.scriptedrest-connector",       "connectorName": "org.forgerock.openicf.connectors.scriptedrest.ScriptedRESTConnector"     }

  1. Run the following command to generate the core configuration, replacing <tenant-name> with the name of your Identity Cloud tenant. In the connectorRef section, make sure you include your Scripted Rest Connector details generated in the previous step, for example:$ curl 'https://<tenant-name>.forgeblocks.com/openidm/system?_action=createCoreConfig' \ --header 'authorization: Bearer '"$TOKEN" \ --header 'content-type: application/json' \ --header 'accept: application/json, text/javascript, */*; q=0.01' \ --data-binary '{"connectorRef" :   {       "connectorHostRef": "rcs",       "displayName": "Scripted REST Connector",       "bundleVersion": "1.5.20.0",       "systemType": "provisioner.openicf",       "bundleName": "org.forgerock.openicf.connectors.scriptedrest-connector",       "connectorName": "org.forgerock.openicf.connectors.scriptedrest.ScriptedRESTConnector"     }   }'
  2. Run the following command to send the Shopify connector configuration to Identity Cloud, replacing <tenant-name> with the name of your Identity Cloud tenant. In the connectorRef section, make sure you include the correct Scripted Rest Connector details.

The configuration includes an example schema, which includes personal details, as well as marketing preferences, total spent, and notes on the customer record.$ curl --include --location --request PUT 'https://<tenant-name>.forgeblocks.com/openidm/config/provisioner.openicf/shopify3' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer '"$TOKEN" \ --data-raw '{  "connectorRef": {     "connectorHostRef": "rcs",     "displayName": "Scripted REST Connector",     "bundleVersion": "1.5.20.0",     "systemType": "provisioner.openicf",     "bundleName": "org.forgerock.openicf.connectors.scriptedrest-connector",     "connectorName": "org.forgerock.openicf.connectors.scriptedrest.ScriptedRESTConnector"   },   "poolConfigOption": {     "maxObjects": 10,     "maxIdle": 10,     "maxWait": 150000,     "minEvictableIdleTimeMillis": 120000,     "minIdle": 1   },   "resultsHandlerConfig": {     "enableNormalizingResultsHandler": false,     "enableFilteredResultsHandler": false,     "enableCaseInsensitiveFilter": false,     "enableAttributesToGetSearchResultsHandler": true   },   "operationTimeout": {     "CREATE": -1,     "UPDATE": -1,     "DELETE": -1,     "TEST": -1,     "SCRIPT_ON_CONNECTOR": -1,     "SCRIPT_ON_RESOURCE": -1,     "GET": -1,     "RESOLVEUSERNAME": -1,     "AUTHENTICATE": -1,     "SEARCH": -1,     "VALIDATE": -1,     "SYNC": -1,     "SCHEMA": -1   },   "configurationProperties": {     "customSensitiveConfiguration": null,     "createScriptFileName": "CreateScript.groovy",     "targetDirectory": null,     "customizerScriptFileName": "CustomizerScript.groovy",     "warningLevel": 1,     "authenticateScriptFileName": "AuthenticateScript.groovy",     "scriptExtensions": [       "groovy"     ],     "scriptOnResourceScriptFileName": "ScriptOnResourceScript.groovy",     "minimumRecompilationInterval": 100,     "deleteScriptFileName": "DeleteScript.groovy",     "scriptBaseClass": null,     "scriptRoots": [ "tools" ],     "customConfiguration": null,     "resolveUsernameScriptFileName": "ResolveUsernameScript.groovy",     "searchScriptFileName": "SearchScript.groovy",     "tolerance": 10,     "updateScriptFileName": "UpdateScript.groovy",     "debug": false,     "classpath": [],     "disabledGlobalASTTransformations": null,     "schemaScriptFileName": "SchemaScript.groovy",     "verbose": false,     "testScriptFileName": "TestScript.groovy",     "sourceEncoding": "UTF-8",     "syncScriptFileName": "SyncScript.groovy",     "recompileGroovySource": false,     "username": "username",     "password": "password",     "serviceAddress": "https://example.myshopify.com",     "proxyAddress": null,     "defaultAuthMethod": "BASIC",     "defaultContentType": "application/json",     "defaultRequestHeaders": null,     "OAuthTokenEndpoint": null,     "OAuthClientId": null,     "OAuthClientSecret": null,     "OAuthRefreshToken": null,     "OAuthScope": null,     "OAuthGrantType": "CLIENT_CREDENTIALS"   },       "objectTypes" : {         "__ACCOUNT__" : {             "$schema" : "http://json-schema.org/draft-03/schema",             "type" : "object",             "id" : "__ACCOUNT__",             "nativeType" : "__ACCOUNT__",             "properties" : {                 "givenName" : {                     "type" : "string",                     "nativeName" : "givenName",                     "nativeType" : "string"                 },                 "familyName" : {                     "type" : "string",                     "required" : true,                     "nativeName" : "familyName",                     "nativeType" : "string"                 },                 "uid" : {                     "type" : "string",                     "required" : true,                     "nativeName" : "__NAME__",                     "nativeType" : "string",                     "flags" : [                         "NOT_UPDATEABLE"                     ]                 },                 "userName" : {                     "type" : "string",                     "nativeName" : "userName",                     "nativeType" : "string",                     "flags" : [                         "NOT_CREATABLE",                         "NOT_UPDATEABLE"                     ]                 },                 "emailAddress" : {                     "type" : "string",                     "nativeName" : "emailAddress",                     "nativeType" : "string"                 },                 "telephoneNumber" : {                     "type" : "string",                     "nativeName" : "telephoneNumber",                     "nativeType" : "string"                 },                 "displayName" : {                     "type" : "string",                     "nativeName" : "displayName",                     "nativeType" : "string",                     "required" : false                 },                 "created" : {                     "type" : "string",                     "nativeName" : "created",                     "nativeType" : "string",                     "required" : false                 },                 "lastModified" : {                     "type" : "string",                     "nativeName" : "lastModified",                     "nativeType" : "string",                     "required" : false                 },                 "marketing" : {                     "type" : "boolean",                     "nativeName" : "marketing",                     "nativeType" : "boolean",                     "required" : false                 },                 "totalspent" : {                     "type" : "string",                     "nativeName" : "totalspent",                     "nativeType" : "string",                     "required" : false                 },                 "note" : {                     "type" : "string",                     "nativeName" : "note",                     "nativeType" : "string",                     "required" : false                 }             }         }     },     "operationOptions" : {         "CREATE" : {             "objectFeatures" : {                 "__ACCOUNT__" : {                     "operationOptionInfo" : {                         "$schema" : "http://json-schema.org/draft-03/schema",                         "type" : "object",                         "properties" : { }                     }                 }             }         },         "UPDATE" : {             "objectFeatures" : {                 "__ACCOUNT__" : {                     "operationOptionInfo" : {                         "$schema" : "http://json-schema.org/draft-03/schema",                         "type" : "object",                         "properties" : { }                     }                 }             }         },         "DELETE" : {             "objectFeatures" : {                 "__ACCOUNT__" : {                     "operationOptionInfo" : {                         "$schema" : "http://json-schema.org/draft-03/schema",                         "type" : "object",                         "properties" : { }                     }                 }             }         },         "TEST" : {             "objectFeatures" : { }         },         "SCRIPT_ON_CONNECTOR" : {             "objectFeatures" : { }         },         "SCRIPT_ON_RESOURCE" : {             "objectFeatures" : { }         },         "GET" : {             "objectFeatures" : {                 "__ACCOUNT__" : {                     "operationOptionInfo" : {                         "$schema" : "http://json-schema.org/draft-03/schema",                         "type" : "object",                         "properties" : { }                     }                 }             }         },         "RESOLVEUSERNAME" : {             "objectFeatures" : {                 "__ACCOUNT__" : {                     "operationOptionInfo" : {                         "$schema" : "http://json-schema.org/draft-03/schema",                         "type" : "object",                         "properties" : { }                     }                 }             }         },         "AUTHENTICATE" : {             "objectFeatures" : {                 "__ACCOUNT__" : {                     "operationOptionInfo" : {                         "$schema" : "http://json-schema.org/draft-03/schema",                         "type" : "object",                         "properties" : { }                     }                 }             }         },         "SEARCH" : {             "objectFeatures" : {                 "__ACCOUNT__" : {                     "operationOptionInfo" : {                         "$schema" : "http://json-schema.org/draft-03/schema",                         "type" : "object",                         "properties" : { }                     }                 }             }         },         "VALIDATE" : {             "objectFeatures" : { }         },         "SYNC" : {             "objectFeatures" : {                 "__ACCOUNT__" : {                     "operationOptionInfo" : {                         "$schema" : "http://json-schema.org/draft-03/schema",                         "type" : "object",                         "properties" : { }                     }                 }             }         },         "SCHEMA" : {             "objectFeatures" : { }         }     } }'

  1. In the Identity Cloud Admin UI, navigate to Native Consoles > Identity Management > Configure > Connectors.

The Shopify connector is displayed in the Identity Management native console. 

Creating a Shopify app

  1. Log in to your Shopify store as the store owner.
  2. Generate the required credentials for connecting with your app by following the Shopify documentation. Use the following configuration for Identity Cloud:
    • App details: Enter the app name, for example, ForgeRock. Enter your email address for the Emergency developer email.
    • Admin API: Click Show inactive Admin API permissions, navigate to Customers and enable Read and Write.
  3. After you've saved the app, make a note of the API credentials for the private app you created. You'll need these when you complete the Scripted REST Connector configuration in Identity Cloud.

Linking the Scripted REST Connector to the Shopify customer API

  1. In the Identity Cloud Admin UI, navigate to Native Consoles > Identity Management > Configure > Connectors and select the Shopify connector.
  2. Enter the following details:
    • Service address: Enter your Shopify store URL.
    • Username: Enter the API key from your Shopify private app.
    • Password: Enter the API password from your Shopify private app.
  1. Click Save.

To validate the connector:

  1. Navigate to the Data tab to retrieve customers from Shopify. If you do not already have any users in Shopify this will be empty.
  2. In your Shopify store, add a new customer.
  3. In the Identity Cloud Admin UI, refresh the Data tab (Native Consoles > Identity Management > Configure > Connectors > Shopify connector > Data), and check that the new customer record is listed.
Note

It might take some time for the first record to appear, so you may need to refresh a few times. 

Configuring mappings to sync identities between Shopify and Identity Cloud 

You can sync in either direction between Identity Cloud and Shopify, so you may need to create two sync mappings depending on your use cases.

The steps below show you how to sync identities for the example schema provided in the Configuring a Scripted REST Connector section.

See Configure a Resource Mapping for further information on configuring mappings.

Sync Shopify users to Identity Cloud

  1. In the Identity Cloud Admin UI, navigate to Native Consoles > Identity Management > Create Mapping.
  2. Select the source (Shopify) and target resource (for example, Managed Alpha_User) and click Create mapping > Create.
  3. Click Quick Mapping to show all source and target properties.
  4. Drag the required source properties onto their corresponding target properties to create mappings, similar to the following example:
  1. Click Save.
  2. Sync marketing preferences by adding a JavaScript transformation script to the Preferences property:
    1. Navigate to Properties tab > Attributes Grid.
    2. Click Add property, select the preferences property and click Add.
    3. In the Transformation Script tab, add the following JavaScript transformation script, and click Save:result = {}; result.marketing = source.marketing; result.updates = false; result;
  1. Add a correlation query on the Mail attribute:
    1. Navigate to Association tab > Association Rules and select Correlation Queries.
    2. Click Add Correlation Query.
    3. Select Any of the following fields.
    4. Click the plus sign (+), select mail and click Submit.
  1. Set the mapping behavior to Default Actions:
    1. Select the Behaviors tab.
    2. Select Default Actions in the Current Policy drop-down and click Save.
  2. Click Reconcile to sync the identities.

Once the reconciliation is complete, in the Identity Cloud Admin UI, navigate to Identities > Manage > Alpha/Bravo Realm Users to check the Shopify accounts which have been sync'd to Identity Cloud.

Sync Identity Cloud users to Shopify

  1. In the Identity Cloud Admin UI, navigate to Native Consoles > Identity Management > Create Mapping.
  2. Select the source (for example, Managed Alpha_User) and target resource (Shopify) and click Create mapping > Create.
  3. Click Quick Mapping to show all source and target properties.
  4. Drag the required source properties onto their corresponding target properties to create mappings, similar to the following example:
  1. Click Save.
  2. Manually add a transformation mapping for the Marketing property:
    1. Navigate to Properties tab > Attributes Grid.
    2. Click Add property and select the marketing property, then click Add.
    3. In the Transformation Script tab, add the following JavaScript transformation script and click Save:source.preferences.marketing;
  1. Add a correlation query on the mail attribute:
    1. Navigate to Association tab > Association Rules and select Correlation Queries.
    2. Click Add Correlation Query.
    3. Select Any of the following fields.
    4. Click the plus sign (+), select emailAddress and click Submit.
  1. Change the mapping behavior from Read-Only to Default Actions:
    1. Select the Behaviors tab.
    2. Select Default Actions in the Currency policy drop-down and click Save.
  2. Click Reconcile to sync the identities.

You should now see user accounts from Identity Cloud in your Shopify dashboard.

See Also

How do I implement a Remote Connector Server (RCS) for Identity Cloud?

Sync Identities in Identity Cloud

Identity Cloud or IDM fail to connect to the Remote Connector Server (RCS) with a Failed to validate and load script error

Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.