Auto login setting when private pages are requested by unlogged users

Hi everybody,

I would like to propose you an improvement regarding log in into Discourse forum. Not sure whether it was previously requested or developed, but I did not find any topic related.

Would be nice if, to log in into the forum, an auto-login feature or similar were available when coming from another url. Let’s see the following scenario.

If we have a category only allowed for people with TL0 (i.e., only logged users can see this category), if we send the link to this category to someone it will get the following message:

image

If now the user logs in, user will appear in the main page, not in the category page losing the target url.

Assuming you have only one authentication method (e.g., OAuth2), could it be considered to auto-login the user instead of showing this message? Thus, user will be allowed to go directly to the ‘private’ side of the page without losing the expected target url.

This can also be considered to pages like /wizard. Sending this link to a person who is not logged in will end up in the main page, having the user to then re-going manually to /wizard path after logging in.

What do you think, is there any similar solution to this?

Cheers,
Ismael

1 Like

There are already other existing topics on this, yes. The general problem is this behavior would expose the existence of private content.

3 Likes

Yep, in that sense… the right balance I assume is vasculated to security. Good to know that at least you considered.

Many thanks!

Cheers,
Ismael

1 Like

It’s possible we could add this as an optional default-off setting, I am open to it. The other topics here on it have more discussion of the pros and cons.

A related site setting was just checked in along the same lines by @danj as well

https://github.com/discourse/discourse/pull/8014

4 Likes

I really like the idea. Would be fantastic if, giving the possibility to log in through this new generated page, users can finally reach the target url without losing the path (i.e., if we go to /wizard, detailed 404 generated page comes up and after logging in users are redirected to /wizard path).

Cheers,
Ismael

2 Likes