Authorization from a desktop application (and base domain site)

I recently setup SSO so users can login to my top domain site (mysite.com) using their discourse login running on a subdomain (forum.mysite.com). Now I’m running into trouble because I also want to login to discourse from a desktop application.

A little background: I’m running an invite-only software beta for this desktop app and I’d want to make sure the user has access to the forum before starting up the desktop app.

Ideally I would have a basic form in my desktop app and make a post request to the forum to verify the user. I was thinking if Discourse was an OAuth2 provider it would work? I don’t think it is and I can’t find a way to do what I want but maybe I’m missing something.

I realize this is a weird use case and I’m new to the whole users/SSO/OAuth/etc world so if I’m falling down the wrong rabbit whole I’d appreciate if someone would throw me a rope :blush:

5 Likes

Discourse can’t be an OAuth2 provider, no (although I’d love to see a plugin that implements that one day - it’s definitely achievable).

Right now you can use Discourse’s own SSO protocol to implement this. In fact, we do this routinely for our internal tools at discourse.org:

The other option you have, which might be a better fit for the ‘desktop application’ scenario, is to use the “User API Key” flow. That’s how we authenticate users on our Android/iOS apps:

9 Likes

That “User API Key” seems perfect!
I’ll give it a try, thank you!

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.