Why pop it up if all the info is valid? Why not create the account automatically?
Is there any way to bypass it?
In my case, it adds confusion to the user because he’s supposed to have a single account (the OAuth2 one) for several apps. Nevertheless, I think it should pop up if the info is invalid (conflict or such).
The other solution for me would be to create the user via the API beforehand (when its OAuth2 account is created), then the window doesn’t appear at first login, but it forces me to enable local logins and I’d prefer not to.
The reason we show the modal is so that people can change their Name/Username if the “Social login provider” doesn’t have the best information available. For things like facebook/twitter this makes a lot of sense, but it makes less sense when corporate SAML/OAuth/OIDC is being used.
I think a core site setting for “Automatically create accounts” would be useful. But we would need to think about whether it should work when registration is disabled.
I modified discourse-oauth2-plugin to create the user account in the after_authenticate hook but the modal still pops and the suggested username is a variation of the OAuth2 username (because, eh, it’s already taken at this point).
I’m not familiar enough with Discourse (and Rails) to dig into this, so if anyone could tell me if there is an “easy” way to dismiss this modal, other than forking discourse/discourse if possible…
SSO would make me implement another auth endpoint on my OAuth2 server and I’d prefer not to, to keep consistency with the other apps using OAuth2 in the stack.
In a nutshell, I allow local logins but hide the sign-up button, and when the log in modal shows (whether it’s coming from a click on the log in button, the reply button, …) the modal is hidden and it simulates a click on the OAuth2 login method.
You can throw stones at me until I figure out a cleaner, lower-level way to do this
```ruby
def after_authenticate(auth)
  log("after_authenticate response: \n\ncreds: #{auth['credentials'].to_hash}\ninfo: #{auth['info'].to_hash}\nextra: #{auth['extra'].to_hash}")

  result = Auth::Result.new
  token = auth['credentials']['token']
  user_details = fetch_user_details(token, auth['info'][:id])

  result.name = user_details[:name]
  result.username = user_details[:username]
  result.email = user_details[:email]
  # Only treat the email as verified when the site setting says the provider verifies it.
  result.email_valid = result.email.present? && SiteSetting.oauth2_email_verified?
  avatar_url = user_details[:avatar]

  # Provider user id already mapped to a local user in the plugin store?
  current_info = ::PluginStore.get("oauth2_basic", "oauth2_basic_user_#{user_details[:user_id]}")

  if current_info
    result.user = User.where(id: current_info[:user_id]).first
  elsif SiteSetting.oauth2_email_verified?
    # Matching (and now creating) by email is only safe when the provider verified it.
    # -------------- added: create the account here instead of leaving it to the modal
    if User.find_by_email(user_details[:email]).nil?
      # User.create returns an unsaved record if validation fails (e.g. a bad username);
      # User.create! would raise instead and make such failures visible in the log.
      result.user = User.create(name: user_details[:name], email: user_details[:email], username: user_details[:username])
      log("created user account")
    end
    # --------------
    result.user = User.find_by_email(result.email)
    if result.user && user_details[:user_id]
      # Remember the provider uid -> local user mapping so later logins skip the email match.
      ::PluginStore.set("oauth2_basic", "oauth2_basic_user_#{user_details[:user_id]}", user_id: result.user.id)
    end
  end

  download_avatar(result.user, avatar_url)
  result.extra_data = { oauth2_basic_user_id: user_details[:user_id], avatar_url: avatar_url }
  result
end
```
Note that modifying code in this way isn’t great, because it will break if we update the method later. This will almost certainly require maintenance in the future.
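As an added illustration (not code from Discourse or discourse-oauth2-basic, and not part of this thread), here is the lookup / link / create decision that a hook like the one above has to make, written as a pure function over in-memory stand-ins so it runs outside Rails. `UserStore`, `Decision`, `resolve_account` and `unique_username` are hypothetical names; the `links` hash plays the role of the `oauth2_basic_user_<uid>` entries in `PluginStore`. It goes one step beyond the hook above in two ways: it refuses to link or create by email when the provider has not verified the address (the account-takeover case the `oauth2_email_verified` gate is there to prevent), and it picks a free username variant instead of leaving the collision to the modal.

```ruby
# Added example, not Discourse or plugin code: account lookup/link/create policy
# for an OAuth2 after_authenticate hook, over in-memory stand-ins (assumptions).

# In-memory stand-in for the User model (assumption; not Discourse's ActiveRecord model).
class UserStore
  Record = Struct.new(:id, :name, :username, :email)

  def initialize
    @users = []
  end

  def find(id)
    @users.find { |u| u.id == id }
  end

  # Case-insensitive match; the store keeps emails lower-cased.
  def find_by_email(email)
    @users.find { |u| u.email.casecmp?(email.to_s) }
  end

  def username_taken?(username)
    @users.any? { |u| u.username.casecmp?(username) }
  end

  def create(name:, username:, email:)
    raise ArgumentError, "username #{username} already taken" if username_taken?(username)
    Record.new(@users.size + 1, name, username, email.downcase).tap { |u| @users << u }
  end
end

# First free variant of the provider's suggested username: alice, alice1, alice2, ...
# (the collision the Discourse modal would otherwise ask the person to resolve by hand).
def unique_username(users, base)
  return base unless users.username_taken?(base)
  n = 1
  n += 1 while users.username_taken?("#{base}#{n}")
  "#{base}#{n}"
end

# action is :login (user set) or :reject (user nil); reason says which branch fired.
Decision = Struct.new(:action, :user, :reason)

# users: UserStore; links: Hash of provider uid => local user id.
def resolve_account(users, links, provider_uid:, email:, email_verified:, name:, username:)
  # 1. uid already linked: log that user in and ignore whatever email the provider
  #    sent this time, so an email change at the provider cannot redirect the login
  #    to someone else's local account.
  if (user_id = links[provider_uid]) && (user = users.find(user_id))
    return Decision.new(:login, user, "uid already linked")
  end

  # 2. Unlinked uid. Matching or creating by email is only safe when the provider
  #    verified that address; otherwise anyone who can register the victim's address
  #    at the provider takes over the victim's local account.
  return Decision.new(:reject, nil, "email not verified by provider") unless email_verified

  if (existing = users.find_by_email(email))
    links[provider_uid] = existing.id
    return Decision.new(:login, existing, "linked existing account by verified email")
  end

  # 3. Nothing to link: create the account with a free username and record the link.
  user = users.create(name: name, username: unique_username(users, username), email: email)
  links[provider_uid] = user.id
  Decision.new(:login, user, "account created")
end
```

The order of the three checks is the point: the provider uid, once linked, is the identity, and the email is only consulted for a uid the forum has never seen, and then only if the provider vouches for it.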