Using Discourse as an Authentication Provider with OAuth2 / OIDC

Plugin Extras
1
:information_source: Summary Oauth2/OIDC Provider. Users can create their own apps.
:hammer_and_wrench: Download Link https://vvpp.cc/s/GPmCV

Features

We know that Discourse officially does not use Discourse as a solution for an Oauth2/OIDC Provider.

To better implement the service and to allow everyone to bring more creativity into NL, NL has implemented an Oauth2/OIDC Provider based on Parkour-Vienna/distrust: Use discourse as an OIDC (OAuth 2.0) provider, which allows users to apply for applications themselves.

Configuration

I used Mysql to store user-related data, so the specific usage method is to first install Mysql/MariaDB, execute the Sql script to create the database; then configure distrust.yml, set the database-related content, and then execute distrust genkey to generate the corresponding rsa key; then create a discourse connect provider in the Discourse backend and enter the relevant information.

Then execute

chmod _+x distrust
./distrust

Access your IP:3000/apps to see the application interface.

Demo

The image shows a user interface for an Open Authorization 2.0 (OATH2) app dashboard with options to create a new application. (Captioned by AI)
The image shows a user interface for an Open Authorization 2.0 (OATH2) app dashboard with options to create a new application. (Captioned by AI)1026×790 23.7 KB

A screenshot of the OAuth2 application creation form with fields for application name, description, redirect URLs, allowed groups, and denied groups. (Captioned by AI)
A screenshot of the OAuth2 application creation form with fields for application name, description, redirect URLs, allowed groups, and denied groups. (Captioned by AI)1155×1165 44.4 KB

The image shows a successful OAuth2 application creation page with a warning to save the client secret securely. (Captioned by AI)
The image shows a successful OAuth2 application creation page with a warning to save the client secret securely. (Captioned by AI)1155×1165 51.7 KB

This image shows a screenshot of a software application interface displaying OAuth2 applications with a single active application named 'Test', along with its client ID, status, and creation date. (Captioned by AI)
This image shows a screenshot of a software application interface displaying OAuth2 applications with a single active application named 'Test', along with its client ID, status, and creation date. (Captioned by AI)1155×1165 30.4 KB

When user use Oauth2/OIDC login.

This image shows an authorization screen where the application named 'frenxodeloc' is requesting to access the user's profile and Discord group memberships via OpenID Connect. (Captioned by AI)
This image shows an authorization screen where the application named 'frenxodeloc' is requesting to access the user's profile and Discord group memberships via OpenID Connect. (Captioned by AI)1155×1165 39.5 KB

5 Likes
2

This seems to be the piece I was looking for but I’m not technical, so I will patiently wait until someone looks into it :slight_smile:

I’m sharing the OP translated to english with DeepL.

1 Like
3

An excellent beginning; I am grateful for your open-source contribution. This truly marks a magnificent commencement. :clap: :clap: :clap:

4

cool!