I have a working discourse forum, where users can create a local login (username + password).
I’d like to reuse their login and password in another application. In other words: users would enter their username and password in the other application, and the application should be able to check whether this is a valid login for the forum.
I’ve been reading the documentation for the Discourse API. Many things are possible, including setting username and password for a given user, but I did not find an API endpoint to validate an existing username and password against the list of forum users.
I assume that such an API end point must exist, as the forum must be able to do this to login a user via the web interface.
What is the API end point to check a username and password to login to the forum?
Are you referring to the API key? It seems possible to create a “granular” API key, that has access to specific API end points only. It is still not clear to me which endpoints would be required, if I use that approach. Do you know?
Yes, a minimal web service with auth-proxy might be a good solution; I’ll have to experiment a bit to find out.
If I understand this correctly, this method would mean that the user logs in using a browser. That can work, although I was hoping to find a method where username and password can be entered in our desktop application, without opening a browser.
I understand that the approach I have in mind will not support TFA unless I implement it myself, and that it will not support logins via third-party providers (Google, Facebook, Discord, …)
The best way to what you want in a Desktop app is using User API Keys.
You do need a web interface either in the app or by opening the browser, but if you make your app a handler for the protocol used by the mobile apps, you can easily have it get the token that way and only have to use the browser again if the token expires or they use a different device.
My personal experience with this is that using the User API keys is a much safer and simpler option than trying to use the session end points.