Discovery

The discovery URL is found by adding an "OAuth" subfolder to the MinistryPlatform URL. Make sure you replace the old Discovery URL with the new next generation URL.

New Next Generation Friendly Discovery URL

https://example.ministryplatform.com/ministryplatformapi/oauth/.well-known/openid-configuration

The discovery URL will display various end-points, scopes, and response types supported by MinistryPlatform's OAuth implementation.

General Use

1. User chooses to log in using STS provider.
2. User is redirected to provider's login page.
3. STS provider authenticates user.
4. User is redirected back to original application along with an Access Token.
5. Access Token is passed in Authorization Header of each subsequent request in order to gain access to Resources.

OAuth & MinistryPlatform

• MinistryPlatform acts as an STS provider:
  • Log in to MinistryPlatform.
  • Get an Access Token using the Platform.
  • Use OAuth workflows in MinistryPlatform.
  • Authorization users existing security roles to determine access.
• MinistryPlatform acts as an STS consumer:
  • Configure MinistryPlatform to log in using Facebook, Google, or other OAuth providers.
  • Theoretically, log in to Facebook using the Platform.
• Batch Manager Tool and other Tools:
  • Use Client Credentials workflow.
  • Authorization uses existing security roles.

Workflows

• Allows client applications to have access without storing a user name or password.
• Can provide data to an end-user whether they are logged in or out.
• Best choice for 99% of your application development.
• Client-specific user assignment.

See API & Identity Pages and Giving Developers Access.

See Users and Third Party Developers.

See Also

• REST API
• Swagger
• API Wrapper
• External Login Authentication
• API & Identity Pages

Additional Documentation

• Official OAuth 2.0 documentation - https://oauth.net/2/
• Oracle's documentation including workflow diagrams - docs.oracle.com
• ITNext OAuth 2.0 for beginners - https://itnext.io/