I recently set up SSO so users can log in to my top domain site (mysite.com) using their Discourse login running on a subdomain (forum.mysite.com). Now I’m running into trouble because I also want to log in to Discourse from a desktop application.
A little background: I’m running an invite-only software beta for this desktop app and I’d want to make sure the user has access to the forum before starting up the desktop app.
Ideally I would have a basic form in my desktop app and make a post request to the forum to verify the user. I was thinking if Discourse was an OAuth2 provider it would work? I don’t think it is and I can’t find a way to do what I want but maybe I’m missing something.
I realize this is a weird use case and I’m new to the whole users/SSO/OAuth/etc world, so if I’m falling down the wrong rabbit hole I’d appreciate if someone would throw me a rope.
Discourse can’t be an OAuth2 provider, no (although I’d love to see a plugin that implements that one day - it’s definitely achievable).
Right now you can use Discourse’s own SSO protocol to implement this. In fact, we do this routinely for our internal tools at discourse.org:
The other option you have, which might be a better fit for the ‘desktop application’ scenario, is to use the “User API Key” flow. That’s how we authenticate users on our Android/iOS apps:
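The SSO-protocol option mentioned in the reply above, sketched as an added example (not code from the thread or from Discourse): a signed request is built for the forum and the signed reply is verified, including the nonce check that blocks replays. The `/session/sso_provider` endpoint is Discourse's provider route; the secret, return URL and the simulated reply are constructed for illustration. It assumes signing and verification run on a backend you control (for example mysite.com), since a shared secret shipped inside a desktop binary can be extracted.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, parse_qs

# Assumed values for illustration (constructed, not from the thread).
FORUM = "https://forum.mysite.com"
SSO_SECRET = b"constructed-example-secret"
RETURN_URL = "https://mysite.com/desktop/sso-return"  # hypothetical backend route


def sign(payload_b64: str, secret: bytes = SSO_SECRET) -> str:
    """HMAC-SHA256 over the base64 payload, hex encoded."""
    return hmac.new(secret, payload_b64.encode(), hashlib.sha256).hexdigest()


def build_login_url(nonce: str) -> str:
    """URL opened in the user's browser to start the forum login."""
    raw = urlencode({"nonce": nonce, "return_sso_url": RETURN_URL})
    payload = base64.b64encode(raw.encode()).decode()
    query = urlencode({"sso": payload, "sig": sign(payload)})
    return f"{FORUM}/session/sso_provider?{query}"


def verify_return(sso: str, sig: str, expected_nonce: str) -> dict:
    """Check signature first, then the nonce, on the values sent back."""
    if not hmac.compare_digest(sign(sso).encode(), sig.encode()):
        raise ValueError("bad signature")
    decoded = base64.b64decode(sso).decode()
    fields = {k: v[0] for k, v in parse_qs(decoded).items()}
    if not hmac.compare_digest(fields.get("nonce", "").encode(),
                               expected_nonce.encode()):
        raise ValueError("nonce mismatch (possible replay)")
    return fields


def simulated_forum_reply(nonce: str) -> tuple:
    """Constructed stand-in for the forum's signed response (offline demo)."""
    raw = urlencode({"nonce": nonce, "username": "beta_tester",
                     "external_id": "42"})
    payload = base64.b64encode(raw.encode()).decode()
    return payload, sign(payload)


if __name__ == "__main__":
    nonce = secrets.token_hex(16)  # store server-side, single use
    print(build_login_url(nonce))
    sso, sig = simulated_forum_reply(nonce)
    print(verify_return(sso, sig, nonce))
```
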