SSO

Authenticating ClickFunnels contacts from your platform via a JWT token.

When customers register in your own application and you create them in ClickFunnels, it can be useful to authenticate them seamlessly in the ClickFunnels customer center, e.g., so they can use ClickFunnels functionality without needing to log in with a password or magic link.

To achieve this, you will need to generate a URL for your users that contains a JWT token and the information needed for authentication.

Setup

Go to your ClickFunnels account and copy your JWT secret key:


And create a contact in your workspace that you will authenticate:


Now, with the programming language of your choice, create a JWT token:

require "jwt"

# Prepare token creation.
customer_email = "sso-customer@clickfunnels.com"
workspace_domain = "yourworkspace.myclickfunnels.com" # ⚠️ If you have a custom domain connected, you need to pass it here including the www.
payload = {
  sub: "#{customer_email}:#{workspace_domain}",
  nbf: Time.now.to_i,
  exp: Time.now.to_i + 3600,
  iat: Time.now.to_i,
  redirect_to: "https://#{workspace_domain}/customers/profiles/qKOLEpy/orders" # The customer will be redirected here after successful login.
}
jwt_secret_key = "2G1CktMD3..." # The JWT secret key you copied earlier in your ClickFunnels account.
algorithm = "HS256"

# Create the token.
jwt_token = JWT.encode(payload, jwt_secret_key, algorithm)
puts jwt_token

A few notes:

  • All payload parameters are required, except for redirect_to.
  • You can pass any URL to redirect_to, e.g., your course's URL so the customer won't need to click any further.
  • The sub subject must be of the format CONTACT_EMAIL:WORKSPACE_NAME.myclickfunnels.com.
  • You should also set a reasonable exp expiration time for the token.

⚠️

If you have one or more custom domains configured for your workspace, SSO will stop working for the canonical default ClickFunnels domain of your workspace, like "yourworkspace.myclickfunnels.com".

As a result of running the script above, you should end up with a JWT token like this:

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzc28tY3VzdG9tZXJAY2xpY2tmdW5uZWxzLmNvbTpyaWNoc3RvbmUubXljbGlja2Z1bm5lbHMuY29tIiwibmJmIjoxNzM3MDQyNDMxLCJleHAiOjE3MzcwNDYwMzEsImlhdCI6MTczNzA0MjQzMSwicmVkaXJlY3RfdG8iOiJodHRwczovL3JpY2hzdG9uZS5teWNsaWNrZnVubmVscy5jb20vY3VzdG9tZXJzL3Byb2ZpbGVzL3FLT0xFcHkvb3JkZXJzIn0.1eS_CW194PKvCj2k_Vw_D1xqwzRGMW4_Dw6TJTZqGnU

You can verify that your token was built correctly on websites like jwt.io.

Now, with that token, you can build the URL for authenticating the contact via SSO. The URL starts with the workspace base URL and the /sso path segment (e.g., https://YOUR_WORKSPACE.myclickfunnels.com/sso). It has three required query parameters:

  1. identifier - The email address of the contact to be authenticated.
  2. strategy - Should have the value email.
  3. token - The JWT token you generated earlier.

# Build the URL.
customer_login_url = "https://#{workspace_domain}/sso?identifier=#{customer_email}&strategy=email&token=#{jwt_token}"
puts customer_login_url

Here is the output you would get for that URL:

https://yourworkspace.myclickfunnels.com/sso?identifier=sso-customer@clickfunnels.com&strategy=email&token=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzc28tY3VzdG9tZXJAY2xpY2tmdW5uZWxzLmNvbTpyaWNoc3RvbmUubXljbGlja2Z1bm5lbHMuY29tIiwibmJmIjoxNzM1ODE4NTYxLCJleHAiOjE3MzU4MjIxNjEsImlhdCI6MTczNTgxODU2MX0.ae7FEo28GmrREy7s6bod6WtazYMnZt8l4B6ZxyvOd1M

❗️

Make sure to URL-encode the customer_email in the URL.

I.e., an email like sso-customer+tricky-email@clickfunnels.com will need to be passed in the URL like this:

https://yourworkspace.myclickfunnels.com/sso?identifier=sso-customer%2Btricky-email%40clickfunnels.com&...

Only URL-encode the customer_email for the identifier in the URL, not when passing to your JWT encoder.

Now, this is the URL you can place on your platform, in emails, and anywhere else you would like your customers to log in to your customer center from. Here is the full script one more time:

require "jwt"

# Prepare token creation.
customer_email = "sso-customer@clickfunnels.com"
workspace_domain = "yourworkspace.myclickfunnels.com" # ⚠️ If you have a custom domain connected, you need to pass it here including the www.
payload = {
  sub: "#{customer_email}:#{workspace_domain}",
  nbf: Time.now.to_i,
  exp: Time.now.to_i + 3600,
  iat: Time.now.to_i,
  redirect_to: "https://#{workspace_domain}/customers/profiles/qKOLEpy/orders" # The customer will be redirected here after successful login.
}
jwt_secret_key = "2G1CktMD3..." # The JWT secret key you copied earlier in your ClickFunnels account.
algorithm = "HS256"

# Create the token.
jwt_token = JWT.encode(payload, jwt_secret_key, algorithm)
puts jwt_token

# Build the URL.
customer_login_url = "https://#{workspace_domain}/sso?identifier=#{customer_email}&strategy=email&token=#{jwt_token}"
puts customer_login_url
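
A variant of the full script above, added here as an example and not ClickFunnels' own code: it URL-encodes the identifier as the note requires, keeps the raw email in sub, and checks the token locally rather than on a third-party site. HS256 is done with Ruby's standard library in place of the jwt gem; the function names, the 300-second lifetime and the CLICKFUNNELS_JWT_SECRET variable are assumptions.

```ruby
require "openssl"
require "base64"
require "json"
require "uri"

# HS256 JWT built with the standard library only (assumption: stands in for
# JWT.encode / JWT.decode from the jwt gem used in the script above).
def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def sign_hs256(payload, secret)
  signing_input = [b64url(JSON.generate({ alg: "HS256" })), b64url(JSON.generate(payload))].join(".")
  "#{signing_input}.#{b64url(OpenSSL::HMAC.digest("SHA256", secret, signing_input))}"
end

# Local check of signature and time claims; returns the payload or raises.
def verify_hs256(token, secret, now: Time.now.to_i)
  header, body, sig = token.split(".")
  raise ArgumentError, "malformed token" unless header && body && sig
  raise ArgumentError, "unexpected alg" unless JSON.parse(Base64.urlsafe_decode64(header))["alg"] == "HS256"
  expected = b64url(OpenSSL::HMAC.digest("SHA256", secret, "#{header}.#{body}"))
  raise ArgumentError, "bad signature" unless OpenSSL.secure_compare(expected, sig)
  claims = JSON.parse(Base64.urlsafe_decode64(body))
  raise ArgumentError, "expired or not yet valid" unless claims["nbf"] <= now && now < claims["exp"]
  claims
end

# Builds the /sso URL: raw email inside the JWT sub, URL-encoded email in the query.
# ttl defaults to 300 seconds (assumption) because the link itself logs the contact in.
def sso_login_url(email, workspace_domain, secret, ttl: 300, redirect_to: nil, now: Time.now.to_i)
  payload = { sub: "#{email}:#{workspace_domain}", nbf: now, exp: now + ttl, iat: now }
  payload[:redirect_to] = redirect_to if redirect_to
  query = URI.encode_www_form(identifier: email, strategy: "email", token: sign_hs256(payload, secret))
  "https://#{workspace_domain}/sso?#{query}"
end

# Constructed sample values; the real key comes from the environment, not the source file.
secret = ENV.fetch("CLICKFUNNELS_JWT_SECRET", "constructed-demo-secret")
url = sso_login_url("sso-customer+tricky-email@clickfunnels.com", "yourworkspace.myclickfunnels.com", secret)
puts url
puts verify_hs256(URI.decode_www_form(URI(url).query).to_h["token"], secret)["sub"]
```

With the jwt gem installed, JWT.decode(token, secret, true, { algorithm: "HS256" }) performs the same signature and expiry check as verify_hs256.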

Action

Now, each time you want your user to log in to the ClickFunnels customer center without a password or magic link, you will need to generate this link and let your user click it. The user will then be logged in to the customer center automatically:


Troubleshooting

  • Verify that your token was built correctly and matches the JWT secret from your Site & Blog > Customer Center settings.
  • Make sure you URL-encode the identifier in the final URL query params: https://yourworkspace.myclickfunnels.com/sso?identifier=sso-customer%2Btricky-email%40clickfunnels.com&....
  • Make sure you use a custom domain and not your default workspace domain ("yourworkspace.myclickfunnels.com") if you have at least one custom domain connected to your workspace.