Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 3 Next »

Overview

This document provides technical specifications for authenticating profiles via the membes Single Sign On (SSO).

Via login from third party software

Use this process for a link from third party software to a login form where user is authenticated with both membes and third party software.

Prerequisites

  1. membes API

    1. The membes API incurs a setup and ongoing fee (provided on request), the customer can request access by logging a ticket in the Help Desk or emailing support@membes.com.au.

  2. API Keys and ClientID

    1. membes will provide the API keys and ClientID after the API has been enabled.

  3. Callback URL

    1. To be provided to membes by the third party software provider.

    2. Email the callback URL to support@membes.com.au.

SSO Process

  1. Request SSO Form (login form)

    1. https://[website_url]/member/oauthlogin/?redirect_uri=http://callbackurl&client_id=[client_id]&state=[callback_state]

    2. This call will respond with a login form.

  2. On Submission of SSO form

    1. User is authenticated with membes AMS.

    2. User is directed to [callback_url].

  3. Callback to [callback_url] will contain the following parameters

    1. ?code=[access_token]

    2. &state=[callback_state]

Refresh token

Access token is valid for one hour. Optionally, a refresh token can be obtained from the membes API.

  1. https://api.membes.com.au/api/oauth2/?refresh_token=[refreshtoken]

  2. Response: { status: true, "access_token": "xxxx-xxxx-xxxx" }

Membes API

Once access token has been obtained, further information about the authenticated user can be obtained from the membes API.

To request access token for the API:

  1. https://api.membes.com.au/api/oauth2/?code=[callback_token]&client_secret=[client_secret]

  2. Response: { status: true, "access_token": "xxx-xxx-xxx-xxx", "refresh_token": "yyy-yyy-yyy"}

Access third party software via link on website

Use this process if you want to provide a link to the third party software from a user already logged into their membes website.

Prerequisites

  1. Membes API

    1. The membes API incurs a setup and ongoing fee (provided on request), the customer can request access by logging a ticket in the Help Desk or emailing support@membes.com.au.

  2. API Keys and ClientID

    1. membes will provide the API keys and ClientID after the API has been enabled.

Link Process

  1. Custom JavaScript can be accessed via the advanced sections of the CMS.

    1. https://userguide.membes.com.au/membes-users-guide/advanced/custom-js-editor

  2. The membes CMS provides a JS object when a user is logged in. This object provides information about the logged in user.

    1. user = {id : "[membes_pk]",profilenumber : "[profile_number]"}

  3. The information in this object can then be used to generate a link to the third party software (custom JS).

  4. The third party software can then use the membes_pk to retrieve information about this user via the membes API.

  • No labels