MembershipWorks provides industry-standard OAuth 2 Single Sign On (RFC 6749 - Authorization Code Grant), which allows third-party systems that support OAuth2 SSO to use MembershipWorks as the authorization server (login provider). To get set up:
- Go to Organization Settings > Apps
- Click on "Add App"
- Enter an App Name so you can identify what app you are using this for
- Provide the OAuth Redirect URL (this should be given to you by the third party system)
- Click Create
- Copy down the Client ID, Client Secret, Token Endpoint and User Info Endpoint. In particular, the Client Secret is only available right after step 5, so make sure to copy it down carefully.
The Client ID, Client Secret, Authorization Endpoint, Token Endpoint and User Info Endpoint will all be required by the third-party system to implement SSO. The Authorization Endpoint is the URL of the member login page on your website, i.e. the page where you've placed the MembershipWorks "Member Sign In and Manage Account" shortcode or snippet. Note that this page should not also have a memberonly shortcode/snippet.
Once the third-party system is set up, members who need to log in to that system will be directed to the member login page on your website. If the member is not already logged in, they will be prompted to log in. Once they are logged in, MembershipWorks will provide the authentication token to the third-party system, which allows it to look up the member's info via the User Info endpoint. The User Info endpoint will provide the following information:
- account_id - member's MembershipWorks account ID
- email - email address field
- name - account name field
- contact_name - contact name field (if applicable)
- organization_name - organization name field (if applicable)
- phone - phone field (if applicable)
- mobile - mobile field (if applicable)
- fax - fax field (if applicable)
- website - website field (if applicable)
The User Info endpoint also provides information on address, membership level, membership add-ons, membership expiration date, labels, folders and card image objects. Typically, however, most third-party systems will only use the email and name data.
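
The third-party side of the flow described above, as an added Python sketch that is not MembershipWorks code: it builds the authorization request, rejects callbacks whose `state` does not match the session, prepares the token request, and maps the User Info fields listed above. The URLs, client ID, function names and the flat JSON shape of the User Info response are assumptions; the parameter names come from RFC 6749.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions): substitute the values from Organization Settings > Apps.
AUTHORIZATION_ENDPOINT = "https://www.example.org/member-login/"  # your member login page
REDIRECT_URI = "https://thirdparty.example.com/oauth/callback"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
OPTIONAL_FIELDS = ("contact_name", "organization_name", "phone", "mobile", "fax", "website")

def new_state():
    """Unguessable per-login value, stored in the user's session before redirecting."""
    return secrets.token_urlsafe(32)

def authorization_url(state):
    """RFC 6749 section 4.1.1: where the third-party system sends the member."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    separator = "&" if urlparse(AUTHORIZATION_ENDPOINT).query else "?"
    return AUTHORIZATION_ENDPOINT + separator + query

def code_from_callback(callback_url, session_state):
    """RFC 6749 section 4.1.2: accept the code only if state matches this session."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    returned = params.get("state", [""])[0]
    if not session_state or not hmac.compare_digest(returned.encode(), session_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]

def token_request_form(code):
    """RFC 6749 section 4.1.3: form body POSTed server-to-server to the Token Endpoint.
    Client ID and Client Secret are added as client authentication (section 2.3.1)."""
    return {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI}

def member_from_userinfo(info):
    """Map a User Info response (assumed to be a flat JSON object) to a local record."""
    missing = [f for f in ("account_id", "email", "name") if not info.get(f)]
    if missing:
        raise ValueError("User Info response missing: " + ", ".join(missing))
    record = {f: info[f] for f in ("account_id", "email", "name")}
    record.update({f: info.get(f) for f in OPTIONAL_FIELDS})
    return record
```

The `redirect_uri` sent in both requests must be the same OAuth Redirect URL that was entered when the app was created.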