
How does the user auth system work from a client perspective? I.e., if I am building a mobile app and a user logs in, do I get a token associated with the user in Tribe to use for API calls?


In Tribe, we follow the OAuth2 authorization method, and we do have a custom grant type.

To get an access token for a user you can use password grant_type if you know the password.

Send a POST request to https://yourcommunity.com/api/v1/oauth/token

It should include the following payload as application/x-www-form-urlencoded:

  • grant_type: password
  • client_id: [as provided]
  • client_secret: [as provided]
  • username: The username you want to authenticate with
  • password: the password you want to authenticate with

We also have a custom grant_type called "tribe:client_secret_credentials". With this grant type, you will be able to get the access_token for any user with their email, user_id (Tribe user id), or external_id (Your user provider user_id when SSO is enabled). You should POST this body to the same endpoint:

  • grant_type: tribe:client_secret_credentials
  • client_id: [as above]
  • client_secret: [as above]
  • email, user_id or external_id

By default, this grant_type is open to all IP addresses, but for security reasons, we suggest that you give us a list of IP addresses and we'll limit it to those.

The third way is to redirect the user to our OAuth2 login screen using the client_id provided, and we’ll send the user back to the defined callback URL with an OAuth2 code. From there you can use our token endpoint using the code to retrieve the access token.

5
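
An added example (not Tribe's own code and not part of the answer above): building the token request for the password grant and the tribe:client_secret_credentials grant described in the answer, with the client secret read from the environment of a backend service rather than shipped inside the mobile app, since that secret can obtain a token for any user. Assumptions: the helper names, the TRIBE_* environment variable names, and a JSON response that carries an access_token field.

```python
import json
import os
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/v1/oauth/token"  # endpoint path given in the answer
CUSTOM_GRANT = "tribe:client_secret_credentials"
IDENTIFIERS = ("email", "user_id", "external_id")


def build_token_request(base_url, client_id, client_secret, grant_type, **fields):
    """Return a urllib Request for the token endpoint; nothing is sent."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("token endpoint must be HTTPS: the body carries secrets")
    if grant_type == "password":
        if set(fields) != {"username", "password"}:
            raise ValueError("password grant needs username and password")
    elif grant_type == CUSTOM_GRANT:
        # The answer lists email, user_id or external_id: send exactly one.
        if len(fields) != 1 or next(iter(fields)) not in IDENTIFIERS:
            raise ValueError("pass exactly one of email, user_id, external_id")
    else:
        raise ValueError("unsupported grant_type: %r" % grant_type)
    form = {"grant_type": grant_type, "client_id": client_id,
            "client_secret": client_secret, **fields}
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH,
        data=urllib.parse.urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def fetch_access_token(request, timeout=10):
    """Send the request. Assumes a JSON response with an access_token field."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)["access_token"]


if __name__ == "__main__":
    # Hypothetical variable names; run this on a server, not in the app.
    req = build_token_request(
        os.environ["TRIBE_BASE_URL"], os.environ["TRIBE_CLIENT_ID"],
        os.environ["TRIBE_CLIENT_SECRET"], CUSTOM_GRANT,
        external_id=os.environ["TRIBE_EXTERNAL_ID"])
    print("token received:", bool(fetch_access_token(req)))
```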