Support Thread

APG vNext 5.5 Tapatalk Integration and SSO Login Compatibility

APG vNext 5.5 Tapatalk Integration and SSO Login Compatibility — APG vNext Guide

APG vNext 5.5 introduced official Tapatalk integration. This thread addresses whether the Tapatalk integration is compatible with Single Sign-On (SSO) setups.

Short Answer

Tapatalk uses its own authentication mechanism and does not natively support custom SSO implementations. Users on SSO-enabled APG vNext forums will need to log in separately via Tapatalk using their forum credentials.

Workaround

If your forum uses an external membership provider (e.g., ASP.NET Membership) for SSO, and users register/login through APG vNext's standard login form, Tapatalk authentication will work against that same credential store. The SSO aspect (shared cookie with another site) will not extend to Tapatalk, but users can still log in with the same username and password.

Recommendation

  • Ensure the Tapatalk plugin is enabled in Admin Panel → Settings → Integrations → Tapatalk.
  • Test the Tapatalk login flow with a test account before enabling for all users.
  • Monitor the Tapatalk announcement thread for updates on SSO support.

Tapatalk SSO Login - Detailed Setup for APG vNext 5.5

This thread provides the detailed technical steps for configuring SSO login through Tapatalk in APG vNext 5.5, following the overview in the linked thread. The focus here is on OAuth2-based SSO providers (Google, Microsoft Entra ID) and the specific Tapatalk API endpoints involved.

OAuth2 SSO with Tapatalk

<add key="APG.Tapatalk.SSOProvider"      value="OAuth2" />
<add key="APG.OAuth2.Provider"           value="Google" />
<add key="APG.OAuth2.ClientID"           value="your-client-id" />
<add key="APG.OAuth2.ClientSecret"       value="your-client-secret" />
<add key="APG.OAuth2.CallbackUrl"        value="https://yourforum.com/auth/callback" />

Testing Tapatalk SSO

# Test the Tapatalk API auth endpoint:
curl -X POST https://yourforum.com/community/tapatalk/auth   -H "Content-Type: application/json"   -d '{"username":"testuser","method":"sso_token_request"}'
# Expected: {"result":{"status":"success","token":"..."}}

Troubleshooting: SSO Redirect Loop in Tapatalk

If users get stuck in a redirect loop when SSO-logging in via Tapatalk:

  • Ensure the OAuth2 redirect URI exactly matches what's registered in your identity provider (including trailing slash)
  • Check that cookies are not blocked for cross-site requests in the Tapatalk web view
  • Enable SSO debug logging: <add key="APG.SSO.Debug" value="true" />

Tapatalk API Integration Architecture

Understanding how Tapatalk communicates with APG vNext helps when diagnosing SSO issues. Tapatalk mobile apps communicate with the forum through the Tapatalk API endpoint (/community/tapatalk/api.php or the equivalent .NET route). This endpoint accepts XML-RPC and JSON-RPC requests from the Tapatalk mobile app and translates them into APG vNext internal calls. Authentication tokens are exchanged between the Tapatalk app and this endpoint; these tokens are independent of the APG vNext session cookie used by the browser-based experience.

This architectural separation means SSO implementations that rely on shared cookies or browser redirects (Forms Authentication cookie SSO, ADFS SAML) do not extend to the Tapatalk API path. Tapatalk's own authentication layer supports OAuth2 tokens from supported providers, but this requires configuration on both the Tapatalk plugin side in APG vNext and in your OAuth2 provider's application registration. The most commonly supported configuration is Tapatalk + OAuth2 + Google or Microsoft as the identity provider, with APG vNext acting as the OAuth2 client and Tapatalk consuming the resulting authenticated session.

User Experience Impact of SSO Limitations in Tapatalk

For communities where SSO is critical to the member experience, the Tapatalk SSO limitation means members who primarily use the Tapatalk mobile app may need to authenticate separately from their browser-based SSO session. This is an acceptable trade-off for most communities, as Tapatalk users tend to use the app consistently and only need to authenticate once per device (session tokens are persisted by the app). If seamless SSO across all access methods is a hard requirement, consider whether the APG vNext responsive mobile web experience — which fully supports browser-based SSO — meets your mobile members' needs without requiring the Tapatalk integration at all.

Tapatalk Analytics and Community Insights

APG vNext's Tapatalk integration exposes community activity data to Tapatalk's analytics dashboard, allowing you to see how your mobile members interact with the forum — most active threads, peak activity times, average session duration, and post frequency from mobile versus desktop. This data complements Google Analytics (which only measures web traffic) with native app usage data that GA cannot capture. Use both data sources together to build a comprehensive picture of your community's engagement patterns across all platforms.

Disabling Tapatalk for Specific Forums

For communities with forums that contain sensitive information not appropriate for mobile access (e.g., a private staff forum, a compliance-controlled section), individual forums can be excluded from Tapatalk access while remaining accessible through the standard web interface. Configure forum exclusions in Admin Panel → Forums → Edit [Forum] → Tapatalk Access → Disabled. Members who attempt to access excluded forums through the Tapatalk app receive an informative message directing them to the web browser version.

Notifications and Push Alerts via Tapatalk

One of Tapatalk's strongest features compared to the APG vNext mobile browser experience is native push notifications. When a member receives a reply, mention, or private message in APG vNext and they have the Tapatalk app installed, they receive an immediate push notification — even when the app is not open. APG vNext's Tapatalk integration handles push notification delivery automatically through Tapatalk's notification service. Ensure the Tapatalk notification credentials are configured correctly in Admin Panel → Integrations → Tapatalk → Notification API Key. Incorrect credentials result in silent notification failures that are difficult to diagnose without checking the APG vNext error log for Tapatalk-related entries.

Related Resources


Looking for more help? Browse the support forum or check the Knowledge Base.