It is not working exactly as it is for you.
1- When i login to discourse and enter the username/password, auth0 authentication completes fine and populates the “create account” screen in discourse.
2- second scenario: new account in auth0 created. User then logs into web app, then comes to login to discourse (so discourse record not yet created). The auth0 login box pops up with the credentials pre-populated. Accept these credentials, auth0 authenticates and sends user back to the “create account” screen in discourse, but none of the fields are pre-populated.
Looking at the discourse logs, the json from the /userinfo endpoint is coming back empty in this scenario.
This means something somewhere isn’t configured correctly, my first guess is in the auth0 dashboard somewhere. Can you tell me what your settings are for your application under “Advanced Settings” → “OAuth”?
Now go to webapp by changing url to “http://mydomain.com/”. Click login and lock widget opens up again with NO credentials because according to auth0 step 1 did not complete due to redirect, hence no user login record.
Will take a look at the link you provided, thanks.
When a user clicks to sign up using the Auth0 (set up as the OAuth2 method) account, and authenticate or create an account, they are dropped back to the Discourse ‘create account’ form - and a user is created successfully in Auth0. The password field is hidden on the create account form, but no other fields are pre-populated.
I’d expect that the fields such as email and name would be pre-populated as the user in Auth0 has these fields available.
I’m not sure if I am missing something, but it is a pretty bumpy user experience and could be error prone (e.g. which email gets notifications, the Auth0 user account or the email they enter on the new user form?).
On the Discourse side can you remove “oauth2 json username path” , “oauth2 json name path”, and “oauth2 json avatar path” for now. Then can you update “oauth2 json email path” to “email”. Let’s see if we can just get that working, then we can work on the other fields.
Also you can check “oauth2 email verified” because auth0 is already verifying the email addresses.
Auth0 should still send the user info whether you use google to auth or auth0 directly. But can you try and log in directly with auth0 username and pass instead of google and see what that sends to Discourse in the payload.