I’ve done a few hours of research for my issue and I think I’m close, but might need a little nudge in the right direction.
I’m essentially trying to integrate Discourse as a headless implementation into my React project, which already contains authenticated users in its own DB.
To do this, when the user logs in on the React page, it will perform a SSO for the user to authenticate with the Discourse API so that we can call the appropriate functions and such.
So, I’m first fetching from my Discourse URL and preventing any redirects like so:
const response = await fetch('https://forum.mysite.com/session/sso', {
  method: 'GET',
  redirect: 'manual', // Prevent automatic following of redirects
});
Then I do the whole validation shin-diggy and send the Payload with the user information to the backend using:
const loginResponse = await fetch(newurl.toString(), {
  method: 'GET',
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
  },
  redirect: 'manual',
});
And the formatting and Signature and such all look good. But it gives me an error. So I commented this out, took the generated URL and copied it into my browser to see what’s up, and it gives me this:
Verbose SSO log: Nonce is incorrect, was generated in a different browser session, or has expired add_groups: admin: avatar_force_update: avatar_url: bio: card_background_url: confirmed_2fa: e
So after a bit of researching I think these answers are close to helping me but I’m still not very clear on what to change for my setup and force_https doesn’t seem to be a setting we can manipulate anymore (not even sure what it does):
I feel like it’s possibly caused by a different browser session, but idk. I think I’m close to getting this to work though, I just need a little nudge. Any info would be helpful. Thanks!