Customer Authentication for Mobile App Using InfusionSoft OAuth2 Integration

We are currently developing a mobile app in Flutter and are attempting to require customer logins for authentication via InfusionSoft’s OAuth2. I’ve read through the IS OAuth2 docs and watched John B’s “Using OAuth2 and Infusionsoft API/REST” video and am still having an incredibly challenging time trying to figure out the flow of the process. I understand that the users must allow access to the app and if they are not logged in then they’ll have to log in and then explicitly click the “allow” button to grant access. Is this done by the user being redirected and logging in at https://accounts.infusionsoft.com/app/oauth/authorize? It appears so, but all of the contact/member test accounts I’m using are unable to log in here. I’m unsure if contact/member accounts should be able to log in here or if there is another location to direct them to like our InfusionSoft app URL.

We’ve implemented the OAuth2 package in Flutter, coded the authentication with the clientID, clientSecret, scope, tokenEndpoint, authorizationEndpoint, and redirectUrl according to the Keap docs. The app does access the authorizationEndpoint of https://accounts.infusionsoft.com/app/oauth/authorize via the Flutter http package with no errors and does prompt for a login. Without the proper request format I get errors in the UI, so I’m assuming the Flutter OAuth2 package is formatting everything correctly.

None of our customers log into InfusionSoft directly. They only ever access CustomerHub. This is a source of confusion as well. The folks at CustomerHub informed us that they do not currently have a public API and that all authentication will need to be done against InfusionSoft as the member/contact information is stored there.

Could someone confirm for me that my InfusionSoft contacts/members should be able to log in via ‘https://accounts.infusionsoft.com/app/oauth/authorize’ to allow access to the mobile app? If so, I can start looking at reasons that my test users aren’t able to log in. If there is any other details you think I’m missing please inform me. I feel like we’re super close.

Thanks in advance,

-Brian
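The redirect-and-allow sequence the question describes is the standard OAuth2 authorization-code flow. The following is an added example of that exchange, written for this page; it is not Brian's code, not the Flutter oauth2 package, and not the Keap SDK. The authorize endpoint is the one named in the question; the token endpoint URL, client id, client secret, scope and redirect URI are constructed placeholders that must be replaced with the values from the Keap docs and the app's own registration. The example builds the authorize URL with a per-login state value, validates the callback (redirect URI, error, state, code), and produces the token and refresh request bodies; it makes no network calls.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoint named in the question above.
AUTHORIZATION_ENDPOINT = "https://accounts.infusionsoft.com/app/oauth/authorize"
# Placeholder (assumption): take the real tokenEndpoint from the Keap docs.
TOKEN_ENDPOINT = "https://token.example.invalid/token"
# Constructed placeholders for the app's registration values.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "myapp://oauth/callback"  # custom-scheme redirect typical of a mobile app
SCOPE = "full"


def new_state() -> str:
    """Unguessable per-login value; the app keeps it until the callback arrives."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state: str) -> str:
    """Step 1: the URL the app opens in the browser.

    Whoever logs in here must be an account that can grant access, and they
    then click Allow; the app only sees the redirect that follows.
    """
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": SCOPE,
        "state": state,
    }
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 2: the browser is redirected to redirect_uri?code=...&state=...

    Reject anything that did not land on the registered redirect URI, carries
    an error, or does not echo the state generated in step 1 (a mismatched or
    missing state is how a forged or stale callback shows up).
    """
    parsed = urlparse(callback_url)
    landed_on = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    if landed_on != REDIRECT_URI:
        raise ValueError("callback did not arrive on the registered redirect URI")
    qs = parse_qs(parsed.query)
    if "error" in qs:
        raise PermissionError(f"authorization refused: {qs['error'][0]}")
    state = qs.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF or stale login attempt")
    code = qs.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def token_request(code: str) -> dict:
    """Step 3: form body POSTed to TOKEN_ENDPOINT to swap the code for tokens.

    This exchange belongs on a backend the app talks to, because it carries the
    client secret; a secret compiled into a mobile binary is not secret.
    """
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }


def refresh_request(refresh_token: str) -> dict:
    """Step 4: form body used before the access token expires to get a new pair."""
    return {
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }


if __name__ == "__main__":
    state = new_state()
    print(build_authorize_url(state))
    # Constructed callback standing in for what the browser would hand back.
    code = parse_callback(f"{REDIRECT_URI}?code=abc123&state={state}", state)
    print(token_request(code))
```

The state check is the part most often skipped in hand-rolled flows; the Flutter oauth2 package generates and checks it for you, which is one reason the question's setup produced no errors on the request side. Note also that the user who logs in at the authorize URL is granting the app access to the account's API, which is a different thing from authenticating an individual customer.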

We’ve worked through some unknowns that were asked in the previous question above. This reply is to help anyone that is up against similar challenges.

As of this writing we have OAuth2 authentication working via the IS/Keap PHP SDK. We are able to capture the authentication token for API access to the ID, e-mail, password, tags, etc. The token is also configured to refresh every 20 hours and is able to via the SDK with no issue.

The breakdown in understanding was how IS/Keap is managing individual users, if at all. Ultimately, IS/Keap is not managing individual users at all. There are only contacts (what I was calling “users”) that have a custom password text field associated with the contact. As an aside, I did read that this was strongly recommended against. Of course it is. The passwords are stored in plain text in a custom field. We’ll be working through this soon.

The users/contacts get generated through the contact creation workflow that has been configured previously. These user/contacts have no permissions or ability to log into IS/Keap for OAuth2 approval. This functionality is limited to only the IS/Keap admins and managers, which are called “users” in the IS/Keap nomenclature. I’m glad that’s clear now.

Additional confusion was how the users/contacts are able to log into CustomerHub, especially updating the password that also gets pushed to the custom field back in IS/Keap. This is all achievable with access to the API.

Hope this helps,

-Brian
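The reply above notes that the contact's password lives in plain text in a custom field and that this is to be worked through. The following is an added example of the usual way to retire such a field without forcing every customer to reset: store a salted PBKDF2 hash in the same custom field, and on each login verify against whichever form the field currently holds, upgrading a legacy plaintext value to a hash on the first successful login. This is not Brian's code and not part of the Keap SDK; the contact record is a constructed in-memory dict standing in for the contact fetched through the API, and writing the updated field back through the SDK is left to the caller.

```python
import base64
import hashlib
import hmac
import secrets

# Parameters for the stored format: pbkdf2_sha256$<iterations>$<salt b64>$<digest b64>
PBKDF2_ITERATIONS = 600_000
HASH_PREFIX = "pbkdf2_sha256$"


def hash_password(password: str, salt: bytes = None) -> str:
    """Derive a salted PBKDF2-HMAC-SHA256 hash and encode it as one string.

    The iteration count is stored alongside the hash so it can be raised later
    without breaking verification of older entries.
    """
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return (
        f"{HASH_PREFIX}{PBKDF2_ITERATIONS}$"
        f"{base64.b64encode(salt).decode()}$"
        f"{base64.b64encode(digest).decode()}"
    )


def is_hashed(stored: str) -> bool:
    """True if the custom field already holds a hash rather than plaintext."""
    return stored.startswith(HASH_PREFIX)


def verify_hashed(stored: str, password: str) -> bool:
    """Recompute the digest with the stored salt/iterations and compare in constant time."""
    try:
        _, iterations, salt_b64, digest_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        iterations = int(iterations)
    except (ValueError, TypeError):
        return False  # malformed field: treat as a failed login, never as a match
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


def authenticate(contact: dict, password: str) -> bool:
    """Check a login against the contact's password custom field.

    If the field still holds a legacy plaintext value and the login succeeds,
    replace it with a hash in the record so the caller can push the upgraded
    field back through the API. Nothing is changed on a failed login.
    """
    stored = contact.get("password_field") or ""
    if is_hashed(stored):
        return verify_hashed(stored, password)
    # Legacy plaintext: constant-time compare, then upgrade in place.
    if stored and hmac.compare_digest(stored.encode("utf-8"), password.encode("utf-8")):
        contact["password_field"] = hash_password(password)
        return True
    return False


if __name__ == "__main__":
    # Constructed contact record standing in for one fetched via the Keap API.
    contact = {"id": 42, "email": "member@example.com", "password_field": "hunter2"}
    print(authenticate(contact, "hunter2"))      # legacy plaintext login, field is upgraded
    print(contact["password_field"][:20])        # now starts with pbkdf2_sha256$
    print(authenticate(contact, "hunter2"))      # verified against the hash
```

Once every active contact has logged in at least once, the remaining plaintext entries can be invalidated and those customers sent through a reset, at which point the legacy branch in `authenticate` can be removed.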