Security/Privacy concern: Email exposed in DiscourseConnect Provider redirect URL

Falco (Falco) March 9, 2026, 6:19pm 4

I’m curious, what is this downstream third party that has implemented our custom SSO protocol?

I’d say that is pr-welcome as long as it is not the default, so we don’t break existing sites.

Topic		Replies	Views
Setup DiscourseConnect - Official Single-Sign-On for Discourse (sso) Integrations sso , configuring , discourseconnect , how-to	45	453723	January 28, 2026
Use Discourse as an identity provider (SSO, DiscourseConnect) Integrations sso , discourseconnect , how-to	143	49889	November 9, 2024
DiscourseConnect / SSO. Force users to provide an email after redirecting from the parent website SSO discourseconnect , email	0	301	September 13, 2022
Create a DiscourseConnect login link Integrations sso , discourseconnect , how-to	6	6258	September 25, 2024
Integration into custom auth system where emails are not unique? SSO email	40	1304	June 6, 2024