Perfect Gym + EGYM Authentication Flow and Identity Mapping
Understand how JWT authentication, identity hierarchy, profile deactivation, and recovery logic operate between EGYM, Perfect Gym, and Fisikal, including initial authentication via Perfect Gym User ID and persistent authentication via EGYM BMA User ID.
Overview
This article explains how authentication works between EGYM, Perfect Gym, and Fisikal, including:
- JWT authentication flow
- Identity mapping logic
- Initial vs persistent authentication
- Profile deactivation behaviour
- Recovery requirements after reactivation
How Authentication Works
When a user launches the Fisikal MWA from within the EGYM application, EGYM sends a JWT token to Fisikal.
Fisikal then:
- Decodes the JWT token
- Extracts the membershipId
- Parses the member reference from the value
- Maps the parsed value to the Fisikal identity type Perfect Gym User ID
- Authenticates the user
- Stores the EGYM BMA User ID on the client profile for future authentication
Authentication Hierarchy
The integration uses a two stage identity hierarchy.
| Stage | Identity Used | Purpose |
|---|---|---|
| Initial Authentication | Perfect Gym User ID | First time login |
| Persistent Authentication | EGYM BMA User ID | Subsequent logins |
membershipId Parsing Logic
The incoming JWT membershipId may contain a namespace or location prefix.
Example JWT Value
"membershipId": "gymnation-132647"
Fisikal parses the value and extracts the member reference component:
132647
This parsed value is then mapped to the Fisikal identity type:
Perfect Gym User ID
Initial Authentication Flow
JWT Field Used
membershipId
Example
Incoming JWT Value
"membershipId": "gymnation-132647"
Parsed Identity Value
132647
Stored Identity
| Identity Type | Identity Value |
|---|---|
| Perfect Gym User ID | 132647 |
Persistent Authentication Flow
After the user successfully authenticates for the first time, Fisikal stores an additional connected identity on the client profile.
JWT Field Used
bmaUserId
Stored Identity Type
EGYM BMA User ID
Example
Incoming JWT Value
"bmaUserId": "1f0bf9ec-af64-49b5-b362-86f95fea1a3f"
Stored Identity
| Identity Type | Identity Value |
|---|---|
| EGYM BMA User ID | 1f0bf9ec-af64-49b5-b362-86f95fea1a3f |
Authentication Behaviour
First Time Login
The first authentication attempt relies on:
Perfect Gym User ID
This is required because the client profile does not yet contain an EGYM BMA User ID.
Once authentication succeeds, Fisikal stores the EGYM BMA User ID against the profile.
Subsequent Logins
After the first successful login, authentication can occur using:
EGYM BMA User ID
This becomes the persistent identity used for future EGYM initiated authentication requests.
Integration Attributes Stored on the Client Profile
The following integration related attributes may exist on the Fisikal client profile:
| Attribute |
|---|
| EGYM BMA User ID |
| Perfect Gym User ID |
| Perfect Gym Customer ID |
Profile Deactivation Behaviour
When a client profile changes from:
Active → Inactive
Fisikal currently performs the following actions:
- Removes the Fisikal Alt ID
- Removes all connected identities
- Changes the client profile status to Inactive
This results in the removal of all integration related attributes, including:
| Removed Attribute |
|---|
| EGYM BMA User ID |
| Perfect Gym User ID |
| Perfect Gym Customer ID |
Impact of Profile Deactivation
If a user profile has been marked as inactive:
- EGYM initiated authentication may fail
- The Fisikal MWA may fail to launch
- Authentication requests may not map back to the client profile
This occurs because the required authentication identities have been removed from the profile.
Minimum Recovery Requirement
If a profile has previously been marked as inactive and is later reactivated, the following identity must exist on the client profile as a minimum:
Perfect Gym User ID
Example
| Identity Type | Identity Value |
|---|---|
| Perfect Gym User ID | 132647 |
Without this identity, the initial EGYM authentication process cannot succeed.
Persistent Authentication Recovery
If the following identity also exists:
EGYM BMA User ID
then subsequent authentication requests can continue successfully even if the original Perfect Gym User ID has later been removed.
JWT Field Mapping
| JWT Field | Parsed Value | Fisikal Mapping |
|---|---|---|
| membershipId | 132647 | Perfect Gym User ID |
| bmaUserId | UUID | EGYM BMA User ID |
| firstName | Rob | Client First Name |
| lastName | Lander | Client Last Name |
| email | roblander@me.com | Client Email |
| membershipLocationId | gymnation-6 | Membership Home Club |
| gymLocationId | UUID | Gym Location Reference |
| role | EXERCISER | User Role |
Example Decoded JWT Token
{
  "membershipLocationId": "gymnation-6",
  "firstName": "Rob",
  "lastName": "Lander",
  "bmaUserId": "1f0bf9ec-af64-49b5-b362-86f95fea1a3f",
  "role": "EXERCISER",
  "membershipId": "gymnation-132647",
  "gymLocationId": "8f8b1fa1-4346-4b10-80a8-0b3dc26f519b",
  "email": "roblander@me.com",
  "user_id": "BMA:1f0bf9ec-af64-49b5-b362-86f95fea1a3f",
  "firebase": {
    "identities": {},
    "sign_in_provider": "custom"
  }
}
Authentication Priority Order
First Time Authentication
membershipId
→ Extract Member Reference
→ Perfect Gym User ID
→ Authenticate User
→ Store EGYM BMA User ID
Subsequent Authentication
bmaUserId
→ EGYM BMA User ID
→ Authenticate User
Key Technical Dependency
At least one valid integration identity must exist on the client profile for EGYM initiated authentication into Fisikal to succeed.
Required Identities
| Identity Type | Required For |
|---|---|
| Perfect Gym User ID | Initial authentication |
| EGYM BMA User ID | Persistent authentication |
If neither identity exists on the client profile, authentication into Fisikal cannot succeed.
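The identity hierarchy, deactivation and recovery rules above, modelled as an added Python example (not Fisikal's own code). It assumes the claims come from a JWT whose signature and expiry were already verified, that the persistent identity is tried before the initial one, and that membershipId is an optional prefix followed by a numeric reference; all function names and the profile structure are hypothetical.

```python
import re

PG, BMA = "Perfect Gym User ID", "EGYM BMA User ID"
# Assumed membershipId shape: optional "<prefix>-" then a numeric member reference.
MEMBERSHIP_RE = re.compile(r"(?:[A-Za-z0-9_]+-)?([0-9]+)")

def parse_member_reference(membership_id):
    """Return the member reference ("gymnation-132647" -> "132647") or None."""
    if not isinstance(membership_id, str):
        return None
    match = MEMBERSHIP_RE.fullmatch(membership_id)
    return match.group(1) if match else None

def find_profile(profiles, identity_type, value):
    """Look up a profile by one connected identity; empty values never match."""
    if not value:
        return None
    return next((p for p in profiles if p["identities"].get(identity_type) == value), None)

def authenticate(profiles, claims):
    """Map already-verified JWT claims to a profile; returns (profile, stage)."""
    bma_id = claims.get("bmaUserId")
    profile = find_profile(profiles, BMA, bma_id)
    if profile:
        return profile, "persistent"
    reference = parse_member_reference(claims.get("membershipId"))
    profile = find_profile(profiles, PG, reference)
    if profile is None:
        return None, "no-identity"
    if bma_id:
        profile["identities"][BMA] = bma_id  # stored for subsequent logins
    return profile, "initial"

def deactivate(profile):
    """Active -> Inactive: every connected identity is removed."""
    profile["identities"].clear()
    profile["status"] = "Inactive"

def reactivate(profile, perfect_gym_user_id):
    """Reactivate with the minimum identity needed for initial authentication."""
    profile["status"] = "Active"
    profile["identities"][PG] = perfect_gym_user_id

# Constructed sample data reusing the example values shown in this article.
SAMPLE_CLAIMS = {"membershipId": "gymnation-132647",
                 "bmaUserId": "1f0bf9ec-af64-49b5-b362-86f95fea1a3f"}

def new_sample_profiles():
    return [{"status": "Active", "identities": {PG: "132647"}}]
```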