I don’t think so, but maybe I’m not understanding the question correctly. Let me explain how we use Discourse, the SSO feature, and why I originally bumped into this bug…
We run an e-learning platform that uses a temporary discourse for each session of each workshop (course).
We use SSO with a custom auth system for two reasons:
- so that a user only needs to create one set of credentials to access any course they’ve registered for.
- to enforce policies on who is allowed in to each discourse based on arbitrary data in our database. For example in our discourse SSO endpoint, we check to make sure the user has a valid registration and that the date is within the bounds of our opening and closing dates.
I ran into this bug above when we wanted to create a group in one workshop only for people who were in a different one (like an alumni group). So I added the full class list from the different workshop to the bulk add modal, and accidentally sent invites to everyone on that list who hadn’t registered for the current workshop.
So, we really never would use the invite feature in Discourse (whether it’s by link or by email). If we did want an invite feature, we’d likely have to build it ourselves because there’s some business logic we’d want to layer on top of any invites we sent out. For example, if the workshop enrollment period was closed we’d want to display an error message on the link. Or maybe we’d want to include a discount in the link.
All this is to say that it works if we don’t have to use it, but we would really like to not have to worry about inadvertently sending emails to people without an account in that Discourse.