This article explains what Custom SSO in Memberstack does, and what it does not do. Many people confuse Custom SSO with being able to “plug in” any external login system. This page clarifies the limitations, supported use cases, and the role of OIDC in Memberstack’s setup.
What Custom SSO Does
When you enable Custom SSO, Memberstack becomes the Identity Provider (IdP).
- On your external application (for example, a dashboard or custom tool), the option would appear as “Log in with {{your app name}}” as with Memberstack
- Memberstack handles the authentication, issues tokens, and confirms the user’s identity to the external app.
- The external app becomes what’s called a Relying Party (RP) in the OIDC (OpenID Connect) standard.
In this setup, Memberstack is the single source of truth for user authentication.
What Custom SSO Does Not Do
Custom SSO does not allow you to use another provider as the login source for Memberstack. This includes:
- Identity platforms like Auth0 or Okta
- Community or learning platforms like Discord or LearnWorlds
All of these systems want to act as the Provider. Since Memberstack is also designed to be the Provider, the connection is not possible.
Currently, the only external login options supported inside Memberstack itself are:
- Github
- Spotify
- Dribbble
OIDC and Memberstack
Memberstack’s Custom SSO is built on the OpenID Connect (OIDC) standard. Here’s what that means:
- Memberstack = OIDC Provider (OP)
- It authenticates the user.
- It issues identity tokens (ID tokens, access tokens).
- Your external app = OIDC Client (Relying Party)
- It accepts those tokens.
- It uses the information from Memberstack to create or manage the user session.
This standard makes it possible to integrate Memberstack with custom tools, partner apps, or platforms that can accept OIDC logins.
Common Misunderstandings
- “I want to connect Auth0 to Memberstack as the login provider.”
→ Not possible. Both Auth0 and Memberstack want to act as the Provider, and Memberstack does not accept outside IdPs. - “Can I use Auth0 with Memberstack at all?”
→ Yes, but only if Auth0 acts as the OIDC Client (relying party). In this case:- Users log in through Memberstack.
- Memberstack issues OIDC tokens.
- Auth0 consumes those tokens and can be used to grant access to downstream applications.
→ ❗Important: this does not allow Auth0 social logins (Google, Apple, etc.) to be brought into Memberstack. The flow always starts with Memberstack as the provider.
- “Can I connect Discord, LearnWorlds, or another app with its own SSO?”
→ Not possible. These apps want to act as providers, and Memberstack does not accept external IdPs. - “Can I use Auth0 social logins (Google, Apple, etc.) inside Memberstack?”
→ Not possible. Memberstack does not accept Auth0 as a provider. The only social logins allowed are Google, Facebook, Github, Spotify, Dribbble, and LinkedIn.
Key Takeaways
- Memberstack Custom SSO = Memberstack as the Provider (via OIDC).
- External applications must be able to act as an OIDC client (relying party).
- You cannot connect another provider (Auth0, Okta, Discord, LearnWorlds, etc.) to replace Memberstack’s login.
- The only built-in third-party logins supported in Memberstack are Google, Facebook, Github, Spotify, Dribbble, and LinkedIn.
Comments
No comments yet. Start the conversation below.
Please sign in to leave a comment.