OAuth 2.0, which stands for “Open Authorization”, is a technical standard used to authorize user access. It allows users to access the site using their existing credentials on a main website or application. Bettermode supports the most common implementations of OAuth2, including OpenID Connect. Bettermode fully supports different OAuth2 options for both authentication and authorization.
OAuth2 Flow
To use the OAuth2 SSO method, your website or product should act as an OAuth2 identity provider. When the OAuth2 SSO app is enabled, Bettermode redirects the user to the unique user identity system. If the user is not logged into the website, they will see the login screen. After logging in, Bettermode receives the access token generated by the user identity system and fetches the user's information.
If a user doesn't exist in the system: Bettermode creates the user using the provided information and logs them in.
If a user exists in the system: Bettermode updates the user's information and logs them in.
Understand how Bettermode identifies a member's existence
Bettermode first checks if any user in the database has the same external ID as the one provided. If the user is found, it updates the user information, including their email address.
If there is no existing user with the same External ID as the one in the system, it tries to find the user via the email address provided and connects the user's external ID to the provided ID.
❗Important note: If there is an existing user with the same e-mail address as the one being authenticated but has a different external ID, it will result in a conflict.
In order to resolve the conflict, please follow these steps- How to resolve a login conflict?
Which OAuth2 methods does Bettermode supports:
Click on each option above to get access to the step-by-step tutorial and find the necessary credentials for setting up the SSO on your site.
Disable login & register with email and password
If a member should be directed to the SSO provider page directly when they open the site, you need to disable Login & register with email. To disable this option, click on your profile picture on the top-right > Administration > Settings > Authentication > turn off the toggle for Login & register with email:
Once disabled, the user will not see the default option of signing up or logging in using Email and Password.