SSO Login with Discourse

I have gone through the Discourse Connect SSO article (Setup DiscourseConnect - Official Single-Sign-On for Discourse (sso)).

My understanding of this is that we can let Discourse use our API to validate the authentication and can send some custom parameters too. Correct me if I am wrong.

What we want is to use our own login page (when users click on login in discourse.open…com, our login page “kan.open…com” should open up). And once login is successful, it should go to the Discourse site. We saw a couple of sites like Twitter or Atlassian etc. doing the same. Can you please help us with more details on how the same can be achieved?

That is correct if by “use our API” you mean “We will modify our API to support DiscourseConnect”. The details of how you do that are in the documents you linked. If you want everyone to be redirected immediately rather than seeing anything on your forum, you’ll need to turn on the “login required” site setting.

Hello Discourse Community,

I have a question regarding the Discourse SSO (DiscourseConnect) setup. Is there a way to include additional parameters in the request when Discourse hits the DiscourseConnect URL? Specifically, I want to pass user data in the request to the DiscourseConnect URL, such as a user token or user ID, which I can use to authenticate the user and complete the SSO login process.

The challenge I’m facing is that users are required to log in twice—once to my project and again to Discourse—when connecting through SSO. Ideally, I’d like to streamline the process so that if the user is already logged into my project, they don’t have to log in again with the same credentials on my project.

Is there a feature in Discourse or any best practices for handling this? I’d appreciate any guidance or suggestions to make the SSO experience more seamless.

Thank you!

An approach for dealing with that scenario is outlined in the “Making the process seamless for authenticated users” section of this topic: Create a DiscourseConnect login link.

1 Like

The first time I perform an SSO login with Discourse, I would like to know if there is any API or method available that can provide me with user data, such as a user ID or token, which I can send to the Discourse API. In return, Discourse would include that data, like the user ID or token, in the Discourse Connect URL request.

You can use the external_id that you have set in the DiscourseConnect payload to make an API request to Discourse. That request will return the full user object.

1 Like

You are not understanding what I want to convey. I’m not asking about retrieving user details from Discourse after login. Please understand the complete flow of what I’m trying to achieve, and let me know if it’s possible with Discourse or if I should proceed with my own approach.

Currently, I have a project built using the Laravel framework, and I want to provide users with access to the Discourse forum for feedback. I’ve decided to implement SSO login for Discourse. I created a Discourse admin account and enabled the necessary settings for SSO login, including enabling SSO, setting the redirect URL, and configuring the secret.

Now, I’ve added a ‘Discourse Connect’ button inside my project. I want users, when they click on this button, to register or log in using my credentials and automatically log in to Discourse. When users click on the ‘Discourse Connect’ button, I redirect them to my base community URL with the session/sso endpoint, which then redirects back to my Discourse Connect URL. I receive the SSO and sig parameters in the request, which I understand are for validation. However, I need the user_id or some identifier to retrieve user data from my database to validate, authenticate, and log the user into Discourse.

My question is: Is there an API or some mechanism in Discourse that can return the user_id along with the SSO and sig parameters in the request? This is important because, without retrieving user data in the request, I would have to make the user log in again, which would provide a poor user experience. Essentially, when a user logs into my project and clicks the ‘Discourse Connect’ button, the Discourse Connect URL is triggered, and I receive the SSO and sig parameters. To authenticate the user, I need to fetch user data from the database, but this would require the user to log in again, which I want to avoid.

I want a seamless experience where, if the user is already logged in once, they don’t need to log in again. They should be able to access the Discourse forum using their project credentials directly.

I am not sure if I am understanding where the problem is occurring.

Are you using this library for DiscourseConnect: GitHub - spinen/laravel-discourse-sso: Integrate Discourse SSO into Laravel?

Looking at that code (laravel-discourse-sso/src/Controllers/SsoController.php at develop · spinen/laravel-discourse-sso · GitHub), I am not sure how it is handling the case of a user who is already logged into the Laravel app.

1 Like
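
The provider-side step discussed in this thread, as an added example that is not part of any post and is not code from spinen/laravel-discourse-sso: verify the `sso`/`sig` pair, then answer with the identity of the user already held in the site's own session. The function names, secret, forum URL and user record are constructed for illustration; `nonce` and `return_sso_url` are the fields DiscourseConnect places inside the decoded `sso` value.

```php
<?php
// Added illustration; plain PHP, no framework calls.
// The secret, URLs and user record below are constructed sample values.
const DISCOURSE_CONNECT_SECRET = 'constructed-example-secret';

/** Check sig over the raw base64 sso value, then return the decoded request fields. */
function verifyDiscourseRequest(string $sso, string $sig, string $secret): array
{
    $expected = hash_hmac('sha256', $sso, $secret);
    if (!hash_equals($expected, strtolower($sig))) {   // constant-time comparison
        throw new RuntimeException('bad DiscourseConnect signature');
    }
    $decoded = base64_decode($sso, true);
    if ($decoded === false) {
        throw new RuntimeException('sso is not valid base64');
    }
    parse_str($decoded, $fields);
    if (empty($fields['nonce']) || empty($fields['return_sso_url'])) {
        throw new RuntimeException('sso payload lacks nonce or return_sso_url');
    }
    return $fields;
}

/** Build the redirect back to Discourse for a user the site has already authenticated. */
function buildDiscourseRedirect(array $request, array $user, string $secret): string
{
    $payload = base64_encode(http_build_query([
        'nonce'       => $request['nonce'],     // echoed back unchanged
        'external_id' => (string) $user['id'],  // the site's stable user id
        'email'       => $user['email'],
    ]));
    $sig = hash_hmac('sha256', $payload, $secret);
    return $request['return_sso_url'] . '?' . http_build_query(['sso' => $payload, 'sig' => $sig]);
}

// Constructed demo: the pair Discourse would send to the DiscourseConnect URL.
$sso = base64_encode(http_build_query([
    'nonce' => 'constructednonce123',
    'return_sso_url' => 'https://forum.example.com/session/sso_login',
]));
$sig = hash_hmac('sha256', $sso, DISCOURSE_CONNECT_SECRET);
// Identity comes from the site's own session (constructed here), never from the request.
$sessionUser = ['id' => 42, 'email' => 'alice@example.com'];

$request = verifyDiscourseRequest($sso, $sig, DISCOURSE_CONNECT_SECRET);
if ($sessionUser !== null) {
    echo buildDiscourseRedirect($request, $sessionUser, DISCOURSE_CONNECT_SECRET), PHP_EOL;
} else {
    echo 'no session: show the login form, then resume with the same sso and sig', PHP_EOL;
}
```

Because the browser follows the redirect to the DiscourseConnect URL carrying the site's session cookie, the logged-in user is identified from that session. A user id accepted from a request parameter would not be covered by the signature and should not be trusted.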