Checking whether a user is logged in on Discourse from another website

Hi folks,

I would like to limit access to certain pages on our website based on whether someone has a member account on our private Discourse. Presumably I would do that by checking on those pages whether the user is logged in on Discourse at the time.

I think the right tool to use is: GitHub - discourse/discourse-auth-proxy: An http proxy that uses the DiscourseConnect protocol to authenticate users

Is there any step-by-step documentation to using it?

Can I install that in the same DigitalOcean droplet as our Discourse site, or do I need to host it somewhere else?

Could I please get some help with using Discourse Auth Proxy?

I have Discourse on a Digital Ocean droplet, and a PHP website on a separate server.

You can do this with DiscourseConnect (with Discourse functioning as the auth provider): Use Discourse as an identity provider (SSO, DiscourseConnect).

I haven’t tried it yet, but the prompt parameter might be useful for your case:

  • prompt: If prompt=none, then the SSO request is treated as a “just checking” request. If the browser/device is already logged-in to Discourse, Discourse will return a successful SSO response bearing user authentication information, as usual. If the browser/device is not already logged-in, then Discourse will not ask the user to log in, and will immediately return an SSO response bearing the parameter failed=true instead of user information. This provides a mechanism to query if the user is logged-in, without ever directing the user to a login dialog if they are not.
1 Like
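
An added example, not part of the thread and not code from Discourse or any poster: the website's side of the prompt=none check described above, written for Node.js. The secret, hostnames and function names are placeholders, and it assumes the failed=true reply is signed and carries the nonce like a successful reply; anything that does not verify is treated as not logged in.

```javascript
// Added example: relying-party side of a DiscourseConnect "prompt=none" check.
// SECRET, DISCOURSE and RETURN_URL are constructed placeholders.
const crypto = require("node:crypto");

const SECRET = "constructed-shared-secret"; // must match the provider secret set in Discourse
const DISCOURSE = "https://forum.example.com";
const RETURN_URL = "https://www.example.com/sso/callback";

// One nonce per check; keep it in the visitor's server-side session.
function newNonce() {
  return crypto.randomBytes(16).toString("hex");
}

// HMAC-SHA256 over the base64 payload string, hex-encoded.
function sign(b64Payload, secret) {
  return crypto.createHmac("sha256", secret).update(b64Payload).digest("hex");
}

// Step 1: build the URL the browser is redirected to.
function buildCheckUrl(nonce) {
  const payload = new URLSearchParams({ nonce, return_sso_url: RETURN_URL, prompt: "none" });
  const sso = Buffer.from(payload.toString()).toString("base64");
  const query = new URLSearchParams({ sso, sig: sign(sso, SECRET) });
  return `${DISCOURSE}/session/sso_provider?${query}`;
}

// Step 2: validate the sso/sig parameters Discourse sends to RETURN_URL.
// Fails closed: a missing or forged signature, a nonce that does not match
// the session, or failed=true all mean "not logged in".
function verifyCallback(sso, sig, expectedNonce) {
  const expected = Buffer.from(sign(sso, SECRET), "hex");
  const given = Buffer.from(String(sig), "hex");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { loggedIn: false, reason: "bad signature" };
  }
  const fields = new URLSearchParams(Buffer.from(sso, "base64").toString("utf8"));
  if (fields.get("nonce") !== expectedNonce) {
    return { loggedIn: false, reason: "nonce mismatch" };
  }
  if (fields.get("failed") === "true") {
    return { loggedIn: false, reason: "not logged in" };
  }
  return { loggedIn: true, externalId: fields.get("external_id"), username: fields.get("username") };
}
```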

This looks promising @simon. I hadn’t realized that DiscourseConnect could even function without enabling enable discourse connect but apparently it can! :thinking:

I’ll run some tests and report back – thanks for setting me on this track!

1 Like

I wonder if using Discourse as the auth provider gets overlooked because of its name (DiscourseConnect). For example, just adding the term DiscourseConnect to a post on here creates a link to the topic about using an external site as the auth provider for Discourse. Using Discourse as an auth provider is one of my main justifications for having a Discourse site.

In case it helps, the WordPress plugin allows Discourse to function as an auth provider. The relevant code is here: wp-discourse/lib/sso-client at main · discourse/wp-discourse · GitHub. The code might be somewhat overly complicated.

Here’s a more straightforward implementation for a Remix/React app: discourse_remix_comments/app/routes/login.tsx at main · scossar/discourse_remix_comments · GitHub. If you ignore the TypeScript stuff, there’s not much to it.

3 Likes

@simon I just wanted to write back and thank you. I do think your suggestion earlier is the correct answer. I’ve had trouble implementing it on my site, but the issue seems to mostly be that it’s a half-custom CMS with a lot of rickety code getting in the way.

1 Like