Memberful OAuth SSO API
OAuth 2.0 Authorization Code flow (with PKCE) for signing members into external apps. Authorize at /oauth, exchange the code at /oauth/token, then query the signed-in member at /api/graphql/member. Access tokens expire in 15 minutes; refresh tokens last one year. Scope is accepted but ignored.