Configure sign up and log in with Auth0 using the OAuth2 Basic Plugin

(oauth2_basic) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

Any ideas?

Is it possible to make Auth0 the only possible way to register and login?

Yes, just disable all the other login methods (including the enable local logins setting).

1 Like

Is it possible to just redirect to the Auth0 signup and not display the basic signup form?

If you want to hide all the Discourse login/signup UI, then you can turn off the enable local logins site setting.

1 Like

Thanks David. I did that but I’ve noticed that when I sign up using the modal and get redirected back to Discourse, it prompts again for a username and other details so it doesn’t look like Auth0 is passing that information back to Discourse. I’m wondering if the solution is to keep the modal simple with just email address and password on the Auth0 modal for registration and get the rest of the details on Discourse.
Problem is we want to keep the user data in one place using a custom database attached to Auth0.

How can I set the logout redirect? I can't find anything about logout.

To only require email address validation if the user hasn’t already confirmed it in Auth0, the oauth2 json email verified path value is email_verified.

I found this by enabling the oauth2 debug auth setting and inspecting the logs at <DISCOURSE_URL>/logs. When I logged in using an unverified account, the body looked like this:

OAuth2 Debugging: 
user_json: {
  "sub"=>"auth0|XXXXXX", 
  "nickname"=>"YYYYY+unprovenauth", 
  "name"=>"YYYYYY+unprovenauth@ZZZZZZ.com", 
  "picture"=>"https://via.placeholder.com/150", 
  "updated_at"=>"2022-09-21T07:50:40.172Z", 
  "email"=>"YYYYYY+unprovenauth@ZZZZZZ.com", 
  "email_verified"=>false
}
1 Like
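An added example, not part of the post above and not the plugin's own code: a sketch of how a path such as `email_verified` can be resolved against the `user_json` body and turned into a fail-closed decision, so a missing or malformed claim never lets an unconfirmed address be treated as confirmed. The helper names, the decision symbols and the sample hashes are assumptions constructed for illustration.

```ruby
# Hypothetical helpers (added example); not taken from the OAuth2 Basic plugin.

# Resolve a dotted path ("email_verified", "user.email_verified") in the
# userinfo hash. Returns nil as soon as a segment cannot be followed.
def walk_path(data, path)
  path.to_s.split(".").reduce(data) do |node, key|
    return nil unless node.is_a?(Hash)
    node[key]
  end
end

# Fail closed: only the JSON boolean true counts as verified.
# A blank path, a missing key, nil, or the string "true" do not.
def email_verified?(userinfo, path)
  return false if path.to_s.empty?
  walk_path(userinfo, path) == true
end

# Decide what the relying party should do with the e-mail claim.
def login_decision(userinfo, verified_path)
  return :reject if userinfo["email"].to_s.empty?
  email_verified?(userinfo, verified_path) ? :trust_email : :require_email_validation
end

# Constructed sample bodies, modelled on the debug output shown in the post.
UNVERIFIED = {
  "sub" => "auth0|XXXXXX",
  "email" => "user@example.com",
  "email_verified" => false
}.freeze
VERIFIED    = UNVERIFIED.merge("email_verified" => true).freeze
STRING_FLAG = UNVERIFIED.merge("email_verified" => "true").freeze
NESTED      = { "email" => "user@example.com",
                "user" => { "email_verified" => true } }.freeze

[
  [UNVERIFIED,  "email_verified"],
  [VERIFIED,    "email_verified"],
  [STRING_FLAG, "email_verified"],
  [NESTED,      "user.email_verified"],
  [VERIFIED,    ""]
].each do |body, path|
  puts "#{path.inspect.ljust(22)} #{login_decision(body, path)}"
end
```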

@david

Hoping you can help - I’d like to configure Discourse to log in using Microsoft’s XBL login and I thought this plugin might be the way to start.

I did post this thread in dev:

There’s a Minecraft Discourse forum called “The Hive” that utilises what we want to do - I just can’t find a plugin for it. :slight_smile:

Hey there!

Is there a way to require a login to post in the community, but allow the posts to be viewable without logging in?

We’ve enabled the Auth0 plugin for our community. And we’ve removed all other forms of login and anonymous posting-- we essentially want to ensure that people are customers of ours before they post in the user community. But we’d still like the posts to be viewable by others even if they haven’t logged in.

The way I was able to get the Auth0 plugin to work, it requires you to log in first before even viewing the content. Am I missing a switch or something?

Thanks!

It sounds like you may have flipped login required. With that enabled, only people with an account can view the forum posts. You should be able to have SSO without needing to enable that. :+1:

1 Like

This URL is returned right after sign-up creation is done and before the end user can validate their email in Auth0. Is there a way to stop it from handing off to the community prior to the email being validated?

https://community.sambanova.ai/auth/failure?message=access_denied&origin=https%3A%2F%2Fcommunity.sambanova.ai%2Flogin&strategy=oauth2_basic