Overview

This document provides technical specifications for authenticating profiles via the Membes Single Sign On (SSO).

Enable SSO

The customer can request that SSO be enabled by logging a ticket in the Help Desk.

Via login from third party software

Use this process for a link from third party software to a login form where the user is authenticated with both Membes and the third party software.

Prerequisites

  1. Membes API

    1. The Membes API incurs a setup and ongoing fee (provided on request). The customer can request access by logging a ticket in the Help Desk or emailing support@membes.com.au.

  2. API Keys and ClientID

    1. Membes will provide the API keys and ClientID after the API has been enabled.

  3. Callback URL

    1. To be provided to Membes by the third party software provider.

    2. Email the callback URL to support@membes.com.au.

SSO Process

Request SSO Form
  • Client ID

    • referred to as [[client_id]] in this document.

    • This is provided FROM Membes

  • Callback URL

    • referred to as {{callback_url}} in this document.

    • Provided TO Membes via the Helpdesk.

SSO Process

  1. Direct user to SSO form (login form)

    1. https://{{customer_website_url}}/member/oauthlogin/?redirect_uri=http://{{callback_url}}&client_id=[[client_id]]&state=[optional_internal_state]

    2. This call will display the login form in the user's browser.

  2. On login by the user via the SSO form

    1. User is authenticated with Membes AMS.

    2. User is redirected to {{callback_url}}.

Callback
  1. The callback to {{callback_url}} will contain the following parameters:

  • ?code=[access_token]

  • &state=[optional_internal_state] (passed through from step 1)

  • &profileID=[profile_id_of_authenticated_user]

  • &email=[primary_email_address_of_authenticated_user]

  • &status_id=[membership_status_of_authenticated_user] (0 = No, 1 = Active Member, 2 = Inactive Member)

    Refresh token

    Access token is valid for one hour. Optionally, a refresh token can be obtained from the Membes API.

    1. https://api.membes.com.au/api/oauth2/?refresh_token=[refreshtoken]

    2. Response: { status: true, "access_token": "xxxx-xxxx-xxxx" }

    Membes API

    Once the access token has been obtained, further information about the authenticated user can be obtained from the Membes API.

    To request access token for the API:

    1. https://api.membes.com.au/api/oauth2/?code=[callback_token]&client_secret=[client_secret]

    2. Response: { status: true, "access_token": "xxx-xxx-xxx-xxx", "refresh_token": "yyy-yyy-yyy"}

    Although the Membes API is not a prerequisite for the Membes SSO, the Membes API could be used from this point to retrieve or update profile details.
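An added example (not Membes code) of the third-party side of the login flow above, in Python: it binds the state value to the user's session, rejects a callback whose state does not match, and builds the token request that is sent from the server so that client_secret never reaches the browser. The host names, the client ID and the `session` dict are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values (assumptions, not real Membes data).
CUSTOMER_SITE = "members.example.org"       # {{customer_website_url}}
CALLBACK = "app.example.com/sso/callback"   # {{callback_url}}
CLIENT_ID = "example-client-id"             # [[client_id]]


def build_login_url(session: dict) -> str:
    """Step 1: issue a one-time state, remember it server-side, return the form URL."""
    state = secrets.token_urlsafe(32)
    session["sso_state"] = state
    query = urlencode({
        "redirect_uri": "http://" + CALLBACK,  # scheme as in the page's URL template
        "client_id": CLIENT_ID,
        "state": state,
    })
    return f"https://{CUSTOMER_SITE}/member/oauthlogin/?{query}"


def handle_callback(session: dict, request_url: str) -> str:
    """Accept the callback only if it returns the state this session issued."""
    params = parse_qs(urlsplit(request_url).query)
    expected = session.pop("sso_state", None)  # single use: a replay finds nothing
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state mismatch: login was not started by this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_exchange_url(code: str, client_secret: str) -> str:
    """Server-to-server URL that swaps the callback code for an access token."""
    query = urlencode({"code": code, "client_secret": client_secret})
    return "https://api.membes.com.au/api/oauth2/?" + query
```
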

    User Logout

    To log a user out from their session in Membes:

    1. https://{{customer_website_url}}/member/oauthlogout

    2. Response: { status: true }

    Access third party software via link on website

    Use this process if you want to provide a link to the third party software from a user already logged into their Membes website.

    Prerequisites

    1. Membes API

    1. The Membes API incurs a setup and ongoing fee (provided on request). The customer can request access by logging a ticket in the Help Desk or emailing support@membes.com.au.

    Authentication Secret

    Membes will provide the authentication secret after the API has been enabled.

    API Url

    The URL for the Membes customer API, [membesapiurl] (https://documenter.getpostman.com/view/9582776/TzzDKahF#ec358997-598a-4e21-98b7-eecf26dff12b#intro). See Membes API.

    Creating the Link in website

    1. Log in to Membes admin > CMS.

    2. Navigate to the page that you want to place the link to the 3rd party software in.

    3. Make sure the page is set to require login, as the user must be logged in for the Authenticated URL to be generated.

    4. In the href parameter of the link, place the following shortcode:

      [code]Application.util.authLink("www.yoursite.com")[/code]

    This shortcode, when rendered, will generate a URL containing a JWT as a URL parameter called “membes_token”.

    e.g. https://www.yoursite.com/?membes_token=[jwttoken]

    When the logged in user clicks the generated link they will be sent to “https://www.yoursite.com” with the token appended to the URL.

    Validating the Token

    When you receive a request to {{customer_website_url}} with membes_token in the URL, you then validate this token via the Membes API at [membesapiurl].

    1. Send the token to the Membes API (https://documenter.getpostman.com/view/9582776/TzzDKahF#ec358997-598a-4e21-98b7-eecf26dff12b): GET https://[membesapiurl]/api/token/validate/[jwttoken]

    2. The response will be in JSON format:

    { 
      valid: true|false,
      data: {
        id: [membes PK],
        profileNumber: [profileNumber],
        firstName: [first name],
        surname: [surname],
        email: [primary email address],
        membershipType: [membership type as string],
        membershipTypeID: [membership type as ID],
        membershipStatus: [membership status as string (--, Active, Inactive) ],
        membershipStatusID: [membership status as ID],
      }
    }
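
An added example (not Membes code) of the receiving side of this validation step, in Python: it takes membes_token from the landing URL, refuses values that could alter the API path, and trusts profile data only when the API answers valid: true. It assumes the API returns strict JSON with the field names shown above; the API host and the sample response are constructed.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

API_HOST = "api.example.invalid"  # constructed stand-in for [membesapiurl]
# Non-empty base64url segments joined by single dots; excludes '/', '?' and '..'.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*")

# Constructed sample of a successful validation response.
SAMPLE_RESPONSE = json.dumps({
    "valid": True,
    "data": {"id": 1001, "email": "jo@example.org", "membershipStatus": "Active"},
})


def validation_url(landing_url: str) -> str:
    """Pull membes_token out of the landing URL and build the validate request."""
    tokens = parse_qs(urlsplit(landing_url).query).get("membes_token", [])
    if len(tokens) != 1 or not TOKEN_RE.fullmatch(tokens[0]):
        raise ValueError("missing, repeated or malformed membes_token")
    return f"https://{API_HOST}/api/token/validate/{tokens[0]}"


def member_from_response(body: str) -> dict:
    """Return profile fields only when the API confirmed the token."""
    doc = json.loads(body)
    # Require the JSON boolean true; the string "true" or the number 1 is rejected.
    if not isinstance(doc, dict) or doc.get("valid") is not True:
        raise PermissionError("Membes API did not confirm the token")
    data = doc.get("data")
    if not isinstance(data, dict) or "id" not in data:
        raise PermissionError("valid response without profile data")
    return {
        "id": data["id"],
        "email": data.get("email"),
        "active_member": data.get("membershipStatus") == "Active",
    }
```

The token's own claims are never decoded locally here; the session is created from what the API returns.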
