Authorization from a desktop application (and base domain site)

I recently setup SSO so users can login to my top domain site ( using their discourse login running on a subdomain ( Now I’m running into trouble because I also want to login to discourse from a desktop application.

A little background: I’m running an invite-only software beta for this desktop app and I’d want to make sure the user has access to the forum before starting up the desktop app.

Ideally I would have a basic form in my desktop app and make a post request to the forum to verify the user. I was thinking if Discourse was an OAuth2 provider it would work? I don’t think it is and I can’t find a way to do what I want but maybe I’m missing something.

I realize this is a weird use case and I’m new to the whole users/SSO/OAuth/etc world so if I’m falling down the wrong rabbit whole I’d appreciate if someone would throw me a rope :blush:


Discourse can’t be an OAuth2 provider, no (although I’d love to see a plugin that implements that one day - it’s definitely achievable).

Right now you can use Discourse’s own SSO protocol to implement this. In fact, we do this routinely for our internal tools at

The other option you have, which might be a better fit for the ‘desktop application’ scenario, is to use the “User API Key” flow. That’s how we authenticate users on our Android/iOS apps:


That “User API Key” seems perfect!
I’ll give it a try, thank you!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.