Orgo can act as an OAuth 2.0 provider, allowing members to use their Orgo credentials to log in to external applications. Implement single sign-on (SSO) for your organization’s tools and services.

How to access

Settings → Developers → OAuth Applications

Prerequisites

  • Administrator access required
  • OAuth module enabled for your organization

How OAuth Works

1. User clicks "Login with Orgo" on your app

2. User redirected to Orgo login

3. User authenticates and approves

4. Orgo redirects back with authorization code

5. Your app exchanges code for access token

6. Your app uses token to access user data

Creating an OAuth Application

1. Navigate to OAuth settings
   Go to Settings → Developers → OAuth Applications.

2. Click Create Application
   Start creating a new OAuth app.

3. Enter application details
   Provide name, description, and redirect URIs.

4. Copy credentials
   Save your Client ID and Client Secret securely.

Application Settings

name (string, required)
  Application name shown to users during authorization.

description (text)
  Description of what the app does.

redirectUris (array, required)
  Allowed callback URLs after authorization.

scopes (array)
  Permissions the app can request.

OAuth Endpoints

Endpoint          Description
/oauth/authorize  Authorization endpoint
/oauth/token      Token exchange endpoint
/oauth/userinfo   User info endpoint

Authorization Flow

Step 1: Redirect to Authorization

GET /oauth/authorize?
  client_id=YOUR_CLIENT_ID&
  redirect_uri=YOUR_REDIRECT_URI&
  response_type=code&
  scope=profile%20email

Step 2: Exchange Code for Token

POST /oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
code=AUTHORIZATION_CODE&
client_id=YOUR_CLIENT_ID&
client_secret=YOUR_CLIENT_SECRET&
redirect_uri=YOUR_REDIRECT_URI

Step 3: Get User Info

GET /oauth/userinfo
Authorization: Bearer ACCESS_TOKEN
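The three steps above as server-side helpers, written here as an added example rather than Orgo's own SDK. It assumes the endpoints listed on this page, placeholder values for the base URL, client ID and redirect URI, and that Orgo returns the standard OAuth 2.0 `state` parameter unchanged on the redirect back; the callback check refuses a mismatched state before any code is exchanged, and the token body is only ever built on the server because it carries the client secret.

```python
# Added example (not Orgo's own SDK): server-side helpers for the authorization
# code flow on this page. Assumes the /oauth/authorize and /oauth/token endpoints
# and that Orgo echoes the standard OAuth `state` parameter back on the redirect.
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlparse

BASE_URL = "https://orgo.example"              # placeholder for your Orgo host
CLIENT_ID = "YOUR_CLIENT_ID"
REDIRECT_URI = "https://app.example/callback"  # must equal the registered URI exactly


def new_state() -> str:
    """Unguessable per-login value; store it in the user's session before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorize_url(state: str, scopes=("profile", "email")) -> str:
    """Step 1: the space-separated scope list is percent-encoded (profile%20email)."""
    params = {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "response_type": "code", "scope": " ".join(scopes), "state": state}
    return f"{BASE_URL}/oauth/authorize?{urlencode(params, quote_via=quote)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate Orgo's redirect and return the authorization code.

    A missing or mismatched state, or an error response, is rejected before the
    code is exchanged, so a code from someone else's login cannot be bound to
    this session (the classic OAuth CSRF problem).
    """
    q = parse_qs(urlparse(callback_url).query)
    state = q.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback discarded")
    if "error" in q:
        raise ValueError(f"authorization denied: {q['error'][0]}")
    code = q.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def token_request_body(code: str, client_secret: str) -> dict:
    """Step 2 form body for POST /oauth/token. Built only on the server (it holds
    the client secret) and repeats the exact redirect_uri used in step 1."""
    return {"grant_type": "authorization_code", "code": code, "client_id": CLIENT_ID,
            "client_secret": client_secret, "redirect_uri": REDIRECT_URI}
```

Send the body from `token_request_body` as `application/x-www-form-urlencoded`, then call `/oauth/userinfo` with the returned access token in an `Authorization: Bearer` header as shown in Step 3.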

Available Scopes

Scope    Data Accessible
profile  Name, profile picture
email    Email address
groups   Group memberships
roles    User roles and permissions

User Info Response

{
  "sub": "user-uuid",
  "name": "John Doe",
  "email": "[email protected]",
  "picture": "https://...",
  "groups": ["main-group", "local-center"],
  "roles": ["ROLE_USER"]
}

Use Cases

Allow members to log in to internal tools with their Orgo account.
Provide SSO for partner services your members use.
Add “Login with Orgo” to your organization’s website.
Authenticate users in custom mobile applications.

Security Best Practices

Never expose Client Secret in client-side code.
Only whitelist specific, known redirect URIs.
All OAuth endpoints require HTTPS.
Only request the permissions your app actually needs.

Troubleshooting

Ensure the redirect URI exactly matches what’s registered in the app settings.
Access tokens expire. Use refresh tokens or re-authenticate.
Request the necessary scopes during authorization.