Hello - I have seen some older posts on this but nothing current. I asked this question in the memberstack forum as well…
I am working on a project to build a new private/closed community and I am interested in using memberstack + webflow and SSO to discourse for the community platform. I am under the impression that this is now supported with custom SSO integration. I specifically need to make sure I can have users authenticated into webflow pages and then seamlessly navigate to Discourse community site. I have seen comments suggesting it’s possible and I’ve seen the Memberstack SSO doc, but looking to see if there is any more specific information related to discourse integration. Anyone using a setup like this using memberstack to manage SSO for Discourse? I need to test it out as soon as possible. Thanks.
Yes, this is now supported! Memberstack now allows you to use Memberstack as an OpenID Connect provider: https://docs.memberstack.com/hc/en-us/articles/8161104982043-Custom-SSO-Integrations. This will allow users to login to your Discourse site through Memberstack. If you configure your Discourse site so that OpenID Connect is the only available login option on the site, logging into Discourse from your Webflow pages will be a seamless process for your users. (Note: don’t remove the option to login to your Discourse site with a username/password until you’ve confirmed that OpenID Connect logins are working.)
For this to work you’ll need to have the Discourse OpenID Connect plugin installed on your Discourse site. Details about configuring that plugin are here: Discourse OpenID Connect.
I recommend watching the video in the Memberstack documentation that I linked to before attempting to configure OpenID Connect logins for your Discourse site. It takes you through the process of configuring Memberstack OpenID Connect logins to work with the test site at https://openidconnect.net/. After you’ve done that, setting up OpenID Connect authentication for Discourse should be a straightforward process.
If there are any existing Discourse sites that have configured OpenID Connect authentication with Memberstack, it would be great to hear from them.
@simon Thanks so much for the input and confirming this should work! I was hoping to get this kind of validation before I went too far down the path with Webflow. I am using this to run a pilot program and I want to test memberstack + webflow + discourse during the pilot. So this is just to prove out MVP and it’s very possible I will move to something very different longer term (except Discourse… definitely keeping that!).
Since this memberstack OpenID support is fairly new I would be happy to hear if there is anyone here who is actually using this kind of setup in production.
Hi! Were you able to implement a working solution for this? OpenID requires a business account on Discourse which is $300/mo! I was hoping to use DiscourseConnect SSO to achieve what you mentioned with Webflow and Memberstack!
As far as I know, a working solution was implemented with OpenID Connect.
I don’t think Webflow allow you to add server side code to your site. If that is correct, it will not be possible to use DiscourseConnect with Webflow.
@JammyDodger, this topic could be renamed to “Memberstack + Webflow + Discourse OpenID Connect.”
Hi all! I was able to get SSO for Discourse via my Memberstack login to work! Once I login via OpenID to my Discourse forum, I get a pop-up to “create my account” on the forum. Is this what is supposed to happen or should I be logging me in directly? I’ve included a screenshot of the pop-up I get once I login with my Memberstack info. Thanks in advance!
From your screenshot, it doesn’t look like your email address is being filled in on the login form. It’s been a while since I watched the Memberstack video (https://docs.memberstack.com/hc/en-us/articles/8161104982043-Custom-SSO-Integrations), but I think the Discourse openid_connect_authorize_scope site setting needs to be set to openid email profile so that both the email address and username are included in the payload that’s sent to Discourse.
I don’t have things setup to test this right now, but you might need to enable these settings to skip the create account popup (otherwise, the fields should still get filled in, but users will have to click the “Create your account” button):
auth skip create confirm (definitely needs to be enabled to skip the create account popup)
auth overrides email
auth overrides username
auth overrides name
The easiest way to test this out is if you’ve got a non-admin account on your Webflow site. That way, you can try logging in as that user multiple times, and just delete their account on Discourse if it’s not working as expected.
Thank you SO much Simon! Adding in those additional items in “openid_connect_authorize_scope” fixed it and enabling “auth skip create confirm” skips the popup and goes directly to the forum homepage! I enabled " openid connect overrides email" - what does this do?
And is there a way to set the “Sign Up” button on Discourse to navigate out to a custom sign up page I have on my website? Currently clicking “Sign Up” logs me in via OpenID but I’d like it to link to a specific page on my website.
Thank you for all your help, it’s been invaluable!
Right, for OpenID Connect, the setting is called openid connect overrides email, not auth overrides email. When it’s enabled, every time a user logs into Discourse through OpenID Connect, their Discourse email will be set to the value of the email address they use on the OpenID Connect auth provider site. That means that if a user has changed their email address on Discourse, it will automatically get reset to the value of the email address they use on Memberstack.
You can actually disable the email editable site setting to prevent any issues with emails getting out of sync with the auth provider. So if you disable email editable and enable openid connect overrides email, users will only be able to change their email address by changing it on Memberstack, then logging into Discourse via Memberstack.
I don’t think so. After someone clicks the “Sign Up” button on Discourse, Discourse will redirect them to the authorization_endpoint that’s provided by Memberstack. Possibly Memberstack allows this to be configurable, but you’d need to contact them to find out.
Another possible approach is that it might be possible to add a link to the page custom page to the Discourse header. Maybe with this theme component: Custom Header Links. Ideally you’d be able to hide the link from logged in users with some CSS.
@ryanshah112 I was able to get this working as a POC (with much help from @simon) but I decided against the MS set up and now I have paused the project for a few months. I need to get it going again. I found the MS openID integration to not work that well. For one thing, there is the double login problem which made the onboarding flow less than ideal - it doesn’t just ask for authorization of the app, it makes user login. I wanted to set up a custom onboarding flow where the user logged in on the webflow site and was able to navigate to Discourse in a seamless way. I did get this working using forms, zapier, airtable by creating a discourse user via API. It was pretty cool as a POC but not really something I wanted to do as a production system. When I start again I will probably not rely on MS as the IDP, but rather would build it using something like Wized with Supabase or something. I think the MS + Discourse thing would work Ok if you are fine with some of the limitations.
For configuring OpenID Connect on the Discourse end, you can find the relevant information here: Discourse OpenID Connect. A detail that’s specific to Memberstack that isn’t mentioned in that topic is that I think the Discourse openid_connect_authorize_scope site setting needs to be set to:
openid email profile
(Assuming that’s correct, it should get added to the “Provider specific notes” section at the bottom of the Discourse OpenID Connect topic.)
This is a cause of endless confusion on here, but DiscourseConnect refers to a completely separate authentication protocol. The information you need is in the Discourse OpenID connect topic that I linked to.
I’m almost certain that it’s not possible to use DiscourseConnect with Memberstack. For it to work, you would need to be able to add some server side code to your Memberstack site. I don’t think that can be done.
It might be worth asking Memberstack about it. They could implement DiscourseConnect for all their sites in a similar way to what Memberful have done: Integrate Discourse with Memberful | Memberful.com. I’m available for consultation work if they wanted some help with that
Hi River! I agree with Simon that it’s not possible to use DiscourseConnect and instead you will need to use OpenID. If you need any help configuring Memberstack x Discourse via OpenID, I’m happy to help as I got this to work with Simon’s assistance! You’ll need the “Business” plan if you are going through Discourse hosting.
@ryanshah112 and @river - FYI - when I started this thread I had a hard requirement to use Webflow. Memberstack was really the only viable option for SSO via OpenID and I have not looked at it in maybe 6 months so some things may have improved there. But if you are willing to consider Wordpress there are a lot of benefits with DiscourseConnect.
Ryan - I started with the Business plan in order to test it out but I switched to Self hosted after a couple months because I really did not need “business” level packaging / features for my POC other than OpenID. Depending on what you need you might want to consider that and I recommend @pfaffman if you need help setting that up. Super easy.
