Accessing member ID from a 3rd party website
Hi
Not sure if this is possible
I am designing a 3rd party website and I would like to offer our WA members the ability to log in using the WA SSO and access a restricted section within the 3rd party. Although I can achieve this, I would like WA to tell me who the member who logged in was (e.g. by telling me the memberID).
Is there a way to do this?
So far I do the following, based on http://help.wildapricot.com/display/DOC/Single+sign-on+service
1. I get the SSO working and WA returns state and code
- I then send
$data["grant_type"]="authorization_code";
$data["authorization_code"]=$_GET['code'];
$data["client_id"]=$cID;
$data["redirect_uri"]="http://mywawebsite.org/login.php"; //same as sent in SSO request
$data["scope"]="contacts_me";
$data["state"]="123"; //same as sent at SSO
I then use curl and send the following headers:
$headers = array(
"Authorization: Basic {$cIDencrypted}",
'Content-Type: application/x-www-form-urlencoded',
'Content-Length: ' . strlen($d)
);
where $cIDencrypted is clientId:clientSecret base64 encoded
curl_setopt($ch, CURLOPT_URL, 'http://oauth.wildapricot.org/oauth/token'); //your helper website says http not https
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $d);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
I don't get anything back.
So Problem 1 I don't get a token.
Can you help with this please?
Also, once I have the token, how do I get the member's details? Or is there another way?
BW
Marios
Everything works, see discussion for details.
-
Marios Nicolaou commented
Thank you dmitry
Now it works
Here is what I do:
Firstly I redirect to the SSO (second if below)
Then I get the token and I call the contacts me function
BW
Marios
define the following:
const LOGIN_URL=''; //this is your WA website url eg www.google.com
const AUTH_URL='https://oauth.wildapricot.org/oauth/token'; //token endpoint (HTTPS), as given in Dmitry's reply
$cID='XXXX';
$cSecret='XXXX';
$accountID=NNN; //your WA account number
$redirectURL="http://yourwebsitetoredirect after login";

if ($_SESSION['loggedIn']!=1 && $_GET['code']) {
    //step 2: exchange the authorization code for an access token
    $data["grant_type"]="authorization_code";
    $data["code"]=$_GET['code'];
    $data["client_id"]=$cID;
    $data["redirect_uri"]=$redirectURL;
    $data["scope"]="contacts_me";
    $d=http_build_query($data); //build the body before measuring its length
    $headers = array(
        'Content-Type: application/x-www-form-urlencoded',
        'Content-Length: ' . strlen($d)
    );
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, AUTH_URL);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($ch, CURLOPT_USERPWD, "{$cID}:{$cSecret}"); //Your credentials go here
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $d);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); //verify the certificate: the client secret travels over this connection
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); //and check that it was issued for this host
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_VERBOSE, true);
    $res = curl_exec($ch);
    $err=curl_error($ch);
    $info = curl_getinfo($ch);
    curl_close($ch);
    $json= (json_decode($res, true));

    if (isset($json["access_token"])){
        //step 3: call Contacts/me with the bearer token
        $headers = array(
            'Authorization: Bearer ' . $json["access_token"],
            'Content-Type: application/json'
        );
        $url = "https://api.wildapricot.org/v2/Accounts/$accountID/Contacts/me";
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); //the bearer token is sent here, so keep verification on
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch,CURLOPT_HTTPHEADER, $headers);
        $jsonResult = curl_exec($ch);
        $err=curl_error($ch);
        $info = curl_getinfo($ch);
        curl_close($ch);
        $r=( json_decode($jsonResult, true));
    }
} else if ($_SESSION['loggedIn'] !=1) {
    //step 1: not logged in yet, so redirect to the WA SSO login page
    $_SESSION['loggedIn']=0;
    header ("Location: ".LOGIN_URL."/sys/login/OAuthLogin?client_id={$cID}&scope=contacts_me&redirect_uri={$redirectURL}&claimed_account_id={$accountID}&response_type=authorization_code");
}
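The redirect and callback in the code above do not carry the `state` value mentioned in the first post. As an added example (not part of Marios's post or of Wild Apricot's code), this sketch generates a per-session state before redirecting and checks it on return before the code is exchanged; the session key `oauth_state`, the helper names and the example URLs and account number are assumptions.

```php
<?php
// Added example, not from the thread. Placeholders mirror the post above.
session_start();

const LOGIN_URL = 'https://your-wa-site.example';       // placeholder: your WA website URL
$cID         = 'XXXX';                                   // placeholder client id
$accountID   = 12345;                                    // placeholder account number
$redirectURL = 'https://your-site.example/login.php';    // placeholder callback URL

// Build the SSO redirect with every parameter URL-encoded, including state.
function build_login_url($base, $cID, $accountID, $redirectURL, $state)
{
    return rtrim($base, '/') . '/sys/login/OAuthLogin?' . http_build_query([
        'client_id'          => $cID,
        'scope'              => 'contacts_me',
        'redirect_uri'       => $redirectURL,
        'claimed_account_id' => $accountID,
        'response_type'      => 'authorization_code',
        'state'              => $state,
    ]);
}

// Constant-time comparison; rejects missing, empty or non-string values.
function state_is_valid($expected, $returned)
{
    return is_string($expected) && $expected !== ''
        && is_string($returned) && hash_equals($expected, $returned);
}

if (isset($_GET['code'])) {
    $expected = $_SESSION['oauth_state'] ?? null;
    unset($_SESSION['oauth_state']);            // a state value is good for one callback only
    if (!state_is_valid($expected, $_GET['state'] ?? null)) {
        http_response_code(400);
        exit('SSO response rejected: state mismatch');
    }
    // State matches this browser session: exchange $_GET['code'] for a token as in the post.
} elseif (empty($_SESSION['loggedIn'])) {
    $_SESSION['oauth_state'] = bin2hex(random_bytes(16));   // 128 bits from the CSPRNG
    header('Location: ' . build_login_url(LOGIN_URL, $cID, $accountID, $redirectURL, $_SESSION['oauth_state']));
    exit;
}
```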
-
Dmitry Smirnov commented
One more idea: in fact we have working PHP code for the API. It is our WordPress plugin. You can find it here: https://wordpress.org/plugins/wild-apricot-login/
-
Dmitry Smirnov commented
Marios,
Authorization header and url look valid. I don't know why you get the 401. But I have an idea: there is a sample application called "api browser". You can use it to verify your token and compare your request with a working one.
So, please
* Open this url: https://api.wildapricot.org/ui/home/OAuth
* Insert your token into the text field and click "Load"
Here is a screenshot https://drive.google.com/file/d/0B6T2Ed06iYnSb2N3bFM3VW9SUEU/view?usp=sharing
If your token is valid, then you will see a formatted json answer and will be able to make any api requests. Using the developer console in your browser you will be able to see the request structure, all headers etc.
-
PHPDev commented
Hi Marios, there doesn't seem to be a way to message you through the forums. I'm not able to get the token with my code and what you have in your post below does not work. Would you be willing to share your file with me? My email is: ryan.lispy@gmail.com
-
Marios Nicolaou commented
Hi
So I got this working (see below) BUT I now have the following question:
Once I have a token, can I use that to get the user's details, e.g. member ID?
For example:
$headers = array(
'Authorization: Bearer ' . $json["access_token"],
'Content-Type: application/json'
);
$url = "https://api.wildapricot.org/v2/Accounts/$accountID/Contacts/me";
I get an error when I send this:
< HTTP/1.1 401 Invalid credentials. Access to API not allowed.
If this is not possible how else can I retrieve the logged in credentials or at least the member ID?
This solution may help others:
$data["grant_type"]="authorization_code";
$data["code"]=$_GET['code'];
$data["client_id"]=$cID;
$data["redirect_uri"]=$redirectURL;
$data["scope"]="contacts_me";
$d=http_build_query($data); //build the body before measuring its length
$headers = array(
'Content-Type: application/x-www-form-urlencoded',
'Content-Length: ' . strlen($d)
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, AUTH_URL);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "{$cID}:{$cSecret}");
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $d);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); //verify the certificate: the client secret travels over this connection
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); //and check that it was issued for this host
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
$res = curl_exec($ch);
$err=curl_error($ch);
$info = curl_getinfo($ch);
curl_close($ch);
$json= (json_decode($res, true));
-
Hi Marios,
I'm really sorry, but I can't help you with PHP code, because of lack of PHP expertise. If you provide more information about what data you send (not PHP code, but the raw http request content) and what comes back, I will dig deeper.
API does not use sessions.
Also you can look at sample asp.net application and try to copy the logic.
-
Marios Nicolaou commented
Thank you Dmitry
I still don't get a token back!
I have tried:
curl_setopt($ch, CURLOPT_URL, 'http://oauth.wildapricot.org/oauth/token');
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_jar);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $d);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSLVERSION,3);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
Do I need cookies?
Anything else to suggest?
BW
Marios
-
Dmitry Smirnov commented
Hi Marios,
We have a sample asp.net mvc application, which demonstrates how to work with SSO service. You can find it here https://github.com/WildApricot/ApiSamples/tree/master/C%23/OAuthClientTestApp
Regarding your code:
On step 2 you should pass
$data["grant_type"]="authorization_code";
$data["code"]=$_GET['code'];
$data["client_id"]=$cID;
$data["redirect_uri"]="http://mywawebsite.org/login.php"; //same as sent in SSO request
$data["scope"]="contacts_me";
to the url HTTPS://oauth.wildapricot.org/oauth/token
Dmitry,
API and Mobile developer at Wild Apricot