Auto login setting when private pages are requested by unlogged users

trobiyo · October 16, 2019, 8:40am

Hi everybody,

I would like to propose you an improvement regarding log in into Discourse forum. Not sure whether it was previously requested or developed, but I did not find any topic related.

Would be nice if, to log in into the forum, an auto-login feature or similar were available when coming from another url. Let’s see the following scenario.

If we have a category only allowed for people with TL0 (i.e., only logged users can see this category), if we send the link to this category to someone it will get the following message:

If now the user logs in, user will appear in the main page, not in the category page losing the target url.

Assuming you have only one authentication method (e.g., OAuth2), could it be considered to auto-login the user instead of showing this message? Thus, user will be allowed to go directly to the ‘private’ side of the page without losing the expected target url.

This can also be considered to pages like /wizard. Sending this link to a person who is not logged in will end up in the main page, having the user to then re-going manually to /wizard path after logging in.

What do you think, is there any similar solution to this?

Cheers,
Ismael

codinghorror · October 16, 2019, 9:00am

There are already other existing topics on this, yes. The general problem is this behavior would expose the existence of private content.

trobiyo · October 16, 2019, 10:05am

Yep, in that sense… the right balance I assume is vasculated to security. Good to know that at least you considered.

Many thanks!

Cheers,
Ismael

codinghorror · October 16, 2019, 6:11pm

It’s possible we could add this as an optional default-off setting, I am open to it. The other topics here on it have more discussion of the pros and cons.

A related site setting was just checked in along the same lines by @danj as well

https://github.com/discourse/discourse/pull/8014

trobiyo · October 17, 2019, 8:54am

I really like the idea. Would be fantastic if, giving the possibility to log in through this new generated page, users can finally reach the target url without losing the path (i.e., if we go to /wizard, detailed 404 generated page comes up and after logging in users are redirected to /wizard path).

Cheers,
Ismael

Topic		Replies	Views
Desired URL lost if `login required` is enabled and social logins are used bug	5	1058	January 3, 2018
Triggering automatic authentication via SSO when linking to private topics? support	5	1021	February 21, 2019
Redirect to protected category after login support	12	1210	October 16, 2019
On a private forum, a link to a topic sends them to the home page instead of the topic when they have to log in feature	6	958	March 26, 2015
Auto login WP users in Discourse wordpress	2	1114	June 28, 2019

Auto login setting when private pages are requested by unlogged users

Related Topics