Can I use the Discourse API to authenticate users in another app?

As admin, enable verbose discourse connect logging, try it, then check /logs on your forum to see more detailed errors, e.g. https://forum.embeetle.com/logs

You’ll see e.g.:

You need to sign the payload, not the quoted payload, e.g.:

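import hashlib
import hmac

# sso_secret must be bytes; payload_base64 is the base64 string before URL-quoting
signature = hmac.new(
  sso_secret, payload_base64.encode('utf-8'), hashlib.sha256
).hexdigest()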

And then it works!

BTW, you need to revoke and change this secret immediately because anyone with it can log onto your app as I’ve just done while testing this.

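The signing order described in the post above, as an added example that is not part of the original post: the HMAC is computed over the base64 payload, URL-quoting happens only afterwards for transport, and the receiving side unquotes before checking the signature in constant time. The function names, the secret and the URL are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode


def make_payload(nonce: str, return_url: str) -> str:
    """Base64-encode the raw query-style payload (not yet URL-quoted)."""
    raw = urlencode({"nonce": nonce, "return_sso_url": return_url})
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def sign(sso_secret: bytes, payload_base64: str) -> str:
    """HMAC-SHA256 hex digest over the base64 payload exactly as encoded."""
    return hmac.new(
        sso_secret, payload_base64.encode("utf-8"), hashlib.sha256
    ).hexdigest()


def build_query(sso_secret: bytes, payload_base64: str) -> str:
    """Sign first, then let urlencode quote '=', '+' and '/' for transport."""
    sig = sign(sso_secret, payload_base64)
    return urlencode({"sso": payload_base64, "sig": sig})


def verify_query(sso_secret: bytes, query: str) -> dict:
    """Unquote, check the signature in constant time, then decode the payload."""
    params = parse_qs(query)  # parse_qs undoes the URL-quoting
    payload_base64 = params.get("sso", [""])[0]
    sig = params.get("sig", [""])[0]
    expected = sign(sso_secret, payload_base64)
    if not hmac.compare_digest(expected.encode("utf-8"), sig.encode("utf-8")):
        raise ValueError("signature mismatch")
    decoded = base64.b64decode(payload_base64).decode("utf-8")
    return {key: values[0] for key, values in parse_qs(decoded).items()}


if __name__ == "__main__":
    secret = b"constructed-test-secret"  # constructed value, not a real secret
    payload = make_payload("abc123", "https://app.example/sso")
    query = build_query(secret, payload)
    print(query)
    print(verify_query(secret, query))
```

Signing the quoted form instead (where the base64 padding `=` has become `%3D`) gives a different digest, which is the mismatch the verbose log reports.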