Login with Merit
Merit Apps can ask Merit Members for programmatic access to their merits and profile on behalf of an Organization by asking them to "Login with Merit" using your App.
Web Flow
In order for your App to see a Merit Member's profile or Merits you'll need to add a "Login with Merit" web flow to your own software.
Somewhere in your software you may show a "Login with Merit" button, which should trigger a call to the RequestLoginWithMerit Url endpoint, documented here: https://developer.merits.com/reference#request-login-with-merit-url
Your App may request some combination of the following permissions in the table
Permission Type | What it grants |
---|---|
CanViewAllStandardMerits | View Merits sent to the recipient by any Org |
CanViewPublicProfile | View the recipient's name and primary email |
CanViewAllStandardMeritsFromOrg (with a specific OrgId) | View Merits sent to the recipient by a specific Org NOTE: it is not necessary to pass this permission for your own Org or the linked Org; Those are given |
curl -X POST -H "Authorization: Bearer {orgAccessToken}" https://api.merits.com/v2/orgs/5bb5a3992bfa430006c47bd5/request_loginwithmerit_url -H "Content-Type: application/json" -d '{ "requestedPermissions": [{ "permissionType": "CanViewPublicProfile" }, { "permissionType": "CanViewAllStandardMerits" }], "successUrl": "/goodpath", "failureUrl": "/badpath", "state": "somestatevariable" }'
Once you receive a request_loginwithmerit_url
from this endpoint, which will look like the following: https://merits.com/login-with-merit?token={token}
, re-direct your user to this special authorization page for your App.
If a Merit Member agrees to Login with Merit for a given App and Org, they'll be sent a pre-accepted Merit Access Merit for the App from the Org and then redirected to your site along with a Merit Member ID Token in the memberIdToken
URL parameter. You can exchange this token for a `Member ID using the Member ID Token endpoint.
As long as their Merit Access Merit remains accepted your App will be granted special permissions to access the Member's merits and profile. You'll probably want to start by fetching their merits using the Member merits endpoint.
Updated almost 5 years ago