I have a WordPress Site that is the SSO provider for Discourse using the WPDiscourse plugin, the Forum is public, but it has some private groups.
When I want to add buttons that take users from my WordPress site to a private Group in Discourse I am using the SSO URL as mentioned here, so users don’t end up on the " Oops! That page doesn’t exist or is private.".
But when users have already authenticated via SSO in Discourse, and they come back and hit the same buttons they will get to the login page again, even when they’ve selected the “Remember me” checkbox during login. Ideally, they would be able to navigate to the private groups freely once they have authenticated in Discourse SSO.
Is there a better way of setting this up?
I thought about adding a code to the WP Login page and verifying if the user has already logged in in Discourse, and if so, redirect to the page in the “return_path” argument in the URL. Would that be the workaround? If so, which functions or API calls I could use to achieve it?
If the users are already logged into your WordPress site, this should not be happening. Can you clarify if the users who this is happening to are logged into WordPress? If they are logged in. they are expected to be silently redirected to the Discourse URL that you have set in the return_path argument.
Thanks Simon, yes the user is logged into WordPress.
The odd in my scenario is that I have one main WP site (WPSite1) that is the DiscourseConnect Provider for Discourse using WP Discourse,
Then I have a second WP Site (WPSite2) that synchronizes user database with WPSite1 using WP Remote User Synch plugin
I don’t know why it would interfere with the expected behavior you mentioned though, because when I login in on WPSite2, and then navigate to WPSite1, I am already logged in on WPSite1 as well.
But what is happening is that even after logging in on WPSite1, which is the DiscourseConnect Provider, and I click on a URL like https://discourse.example.com/session/sso?return_path=/g/private_group, it takes me to the SSO WP Login form.
Scenario 2 is the case.
I will review the instructions but I believe everything is set correctly since SSO login works, the problem is that the login page doesn’t recognize that there the user is already authenticated.