Accounts created via SSO not activated


(Paul Ceccato) #1

I have had a few cases with users who have registered using SSO having their account created in a non-activated state.

They also do not have an avatar URL, but all their other account details which are passed in via SSO are correct (name, id, email, etc.).

I have to manually activate their accounts before they can post.

Any idea how this can happen? I thought the account would be automatically created as activated?


(Sam Saffron) #2

Can you reproduce this consistently?


(Paul Ceccato) #3

Just had a look at my Discourse logs and think I see the error: it looks like Discourse is throwing an exception when it tries to load the avatar I supply during the sign-on, because the avatar link HTTP-redirects to Akamai. Here is the entry from the Discourse log:

RuntimeError (redirection forbidden: http://graph.facebook.com/1354638543/picture?type=large -> https://fbcdn-profile-a.akamaihd.net/hprofile-ak-xfa1/v/t1.0-1/1780631_10203215619495358_409132

When I tried to load the image http://graph.facebook.com/1354638543/picture?type=large in a browser I can see it redirects to Akamai.

Some background: I have implemented Discourse SSO for my application, and my application allows users to authenticate via Google, Facebook, etc.

In this case it seems to be only users who use Facebook who are having an issue, and their Discourse accounts all seem to have empty avatar links, so the default avatar displayed seems to be based on the first letter of their names. It looks like this exception causes the accounts to remain unactivated; if I activate them manually then they can use their accounts.


(Sam Saffron) #4

Going to recategorize this as a bug then (which needs some confirming)

If you supply a broken avatar URL to SSO, the process fails and the account is not activated.

@techAPJ can you have a look?


(Paul Ceccato) #5

Cool. I have worked around the issue for now by passing a Gravatar URL rather than the Facebook avatar URL to the SSO callback.


(Sam Saffron) #6

I think I just fixed this, can you confirm?

https://github.com/discourse/discourse/commit/034967328cc06e4b0a2cee805fcbd1e16fbd4644


(Sam Saffron) #7

This topic was automatically closed after 7 hours. New replies are no longer allowed.
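
The failure mode discussed in this thread, as an added Ruby example that is not part of the thread and is not Discourse's code or the linked commit: an avatar fetch that follows the http to https redirect under explicit limits, and an SSO provisioning step that treats any avatar failure as non-fatal so the account is still activated. The names `resolve_avatar`, `provision_sso_user`, `MAX_REDIRECTS` and the `*.example` URLs are assumptions, and the network is replaced by a constructed response table.

```ruby
require "uri"

MAX_REDIRECTS = 3 # assumed cap, not a Discourse setting

# Constructed responses standing in for the network: URL => [status, headers, body].
FAKE_RESPONSES = {
  "http://avatars.example/u/1"  => [302, { "location" => "https://cdn.example/u/1.jpg" }, ""],
  "https://cdn.example/u/1.jpg" => [200, {}, "JPEGDATA"],
  "http://avatars.example/loop" => [302, { "location" => "http://avatars.example/loop" }, ""],
  "https://cdn.example/down"    => [302, { "location" => "http://avatars.example/u/1" }, ""]
}.freeze
FAKE_FETCH = ->(url) { FAKE_RESPONSES.fetch(url) { [404, {}, ""] } }

# Follow redirects by hand: http(s) only, bounded hops, no https -> http downgrade.
def resolve_avatar(url, fetch, hops = MAX_REDIRECTS)
  uri = URI.parse(url)
  raise ArgumentError, "unsupported scheme" unless %w[http https].include?(uri.scheme)
  status, headers, body = fetch.call(uri.to_s)
  case status
  when 200 then body
  when 301, 302, 303, 307, 308
    raise "too many redirects" if hops.zero?
    target = URI.join(uri.to_s, headers.fetch("location"))
    raise "https to http downgrade refused" if uri.scheme == "https" && target.scheme != "https"
    resolve_avatar(target.to_s, fetch, hops - 1)
  else
    raise "unexpected status #{status}"
  end
end

# Avatar import is best effort: any failure is recorded, never propagated,
# so the account created from the SSO payload is still activated.
def provision_sso_user(attrs, fetch)
  user = { name: attrs[:name], email: attrs[:email], active: true, avatar: nil }
  begin
    user[:avatar] = resolve_avatar(attrs[:avatar_url], fetch) if attrs[:avatar_url]
  rescue StandardError => e
    user[:avatar_error] = e.message
  end
  user
end
```

The recorded `avatar_error` gives operators something to alert on without blocking sign-in.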