Customers of MembershipWorks can now use OAuth 2 Single Sign On to allow members to sign in to other applications through MembershipWorks. A common use for this feature would be to enable members to sign in to a forum or Learning Management System (LMS) application through the MembershipWorks sign in.
The third-party application will need to support the industry-standard OAuth 2 Authorization Code Grant protocol. MembershipWorks will act as the authorization server, and the third-party application will be the client application.
To configure a new OAuth 2 app access in MembershipWorks:
- Go to Organization Settings > Apps
- Click on “Add App”
- Enter an App Name so you can identify what app you are using this for
- Provide the OAuth Redirect URL (this should be given to you by the third-party application)
- Enable “Disable SSO if member is past due” if you want to block members from signing in to the other application if their membership is past due
- Click Create
- Copy down the Client ID, Client Secret, Token Endpoint and User Info Endpoint. In particular, the Client Secret is only available right after step 5, so make sure to copy it down carefully.
The Client ID, Client Secret, Authorization Endpoint, Token Endpoint and User Info Endpoint will all be required by the third-party application to implement SSO. The Authorization Endpoint will be the URL of the member login page on your website, i.e. the page where you’ve placed the MembershipWorks “Member Sign In and Manage Account” shortcode or snippet. Note that this page should not have a memberonly shortcode/snippet as well.
Once the third-party application is set up, members who need to log in to that application will be directed to the member login page on your website. If the member is not already logged in, they will be prompted to log in. Once they are logged in, MembershipWorks will provide the authentication token to the third-party application, which allows it to look up the member’s info via the User Info endpoint.
The User Info endpoint is capable of providing the following information:
- account_id – member’s MembershipWorks account ID
- email – email address field
- name – account name field
- contact_name – contact name field (if applicable)
- organization_name – organization name field (if applicable)
- phone – phone field (if applicable)
- mobile – mobile field (if applicable)
- fax – fax field (if applicable)
- website – website field (if applicable)
The User Info endpoint also provides information on address, membership level, membership add-ons, membership expiration date, labels, folders and card image URLs. However, these are more complex objects that may not be utilized by the third-party application. Typically, most third-party applications can only utilize basic data such as email and name.
Note that due to the technical nature of the task, you may need to enlist a developer to help set up and test the OAuth 2 connection between MembershipWorks and the application.
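For the developer doing that setup, the client application's side of the flow described above looks like the following. This is an added example, not MembershipWorks' or any third-party application's own code. The URLs, the session dict, the helper names and the placement of the client credentials in the POST body are assumptions; the request parameter names are those of the standard OAuth 2 Authorization Code Grant.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions): substitute the values from Organization Settings > Apps.
AUTHORIZATION_ENDPOINT = "https://example.org/member-login/"  # your member login page
REDIRECT_URI = "https://forum.example.org/oauth/callback"  # must match the OAuth Redirect URL
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"


def begin_login(session):
    """Return the URL to send the member to; bind a one-time state to the session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    sep = "&" if urlparse(AUTHORIZATION_ENDPOINT).query else "?"
    return AUTHORIZATION_ENDPOINT + sep + query


def handle_callback(session, callback_url, client_secret):
    """Validate the redirect; return the form body to POST to the Token Endpoint."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    # Assumption: client credentials go in the POST body; this request is made
    # server-side so the Client Secret never reaches the browser.
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "client_secret": client_secret}


def local_identity(user_info):
    """Map a User Info response to a local account record."""
    account_id = user_info.get("account_id")
    if not account_id:
        raise ValueError("User Info response has no account_id")
    # Assumption: account_id is the stable key; email and name are attributes only.
    return {"external_id": str(account_id), "email": user_info.get("email"),
            "name": user_info.get("name")}
```

The dict returned by `handle_callback` is what the application would send to the Token Endpoint; the access token it receives is then used to call the User Info Endpoint, whose response feeds `local_identity`.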