Create a DiscourseConnect login link

Discourse · February 15, 2019, 11:00pm

Sites using DiscourseConnect sometimes want to include links on their DiscourseConnect provider site that will log users into Discourse and redirect them to a specific Discourse URL. This can be done by creating an anchor on the SSO provider site with an href property that points to /session/sso and has a return_path parameter set to the path of the Discourse page you want users to end up on.

The link’s href property should be in this form:

https://forum.example.com/session/sso?return_path=/relative_path

Here’s a full anchor that will log in a user and redirect them to your Discourse site’s homepage:

<a href="https://forum.example.com/session/sso?return_path=/">Community</a>

Here’s a link that will log in a user and redirect them to your Top Topics page:

<a href="https://forum.example.com/session/sso?return_path=/top">Top Topics</a>

Discourse allows you to login a user and redirect them to a non-Discourse URL if you configure the discourse connect allowed redirect domains site setting. By default this setting is blank - preventing redirects to non-Discourse URLs. If you enable it, be sure to use the absolute URL in the return_path parameter for any non-Discourse URLs that you want to direct users to.

Last edited by @JammyDodger 2024-05-26T07:21:09Z

Check document
Perform check on document:

hosna · July 17, 2024, 8:33pm

I’m using this method but each time I need to login via sso.

How can we make it seamless, meaning if I have already logged in to discourse, there would be no need to go to sso page to login again?

simon · July 18, 2024, 4:30am

Unless something has changed, that is how the link is expected to work. For example, if you are logged into Discourse and click a link on the SSO provider site that points to https://forum.example.com/session/sso?return_path=/t/some-slug/23, you should be seamlessly redirected to /t/some-slug/23 without having to visit the login page first.

hosna · July 18, 2024, 6:43am

I’m already on the latest update of discourse and this is how the sso works for me:

As you can see I’m already logged in, but when I enter a url like https://forum.example.com/session/sso?return_path=/t/some-slug/23, I would be redirected to sso login page again.

simon · July 18, 2024, 12:54pm

I think what is happening is that when you visit a route like https://forum.example.com/session/sso?return_path=/t/some-slug/23, Discourse redirects you to the discourse connect url, regardless of whether you are logged into Discourse or not. That happens here:

github.com

discourse/discourse/blob/main/app/controllers/session_controller.rb#L25-L42


      
          def sso
            raise Discourse::NotFound unless SiteSetting.enable_discourse_connect?
          
            destination_url = cookies[:destination_url] || session[:destination_url]
            return_path = params[:return_path] || path("/")
          
            if destination_url && return_path == path("/")
              uri = URI.parse(destination_url)
              return_path = "#{uri.path}#{uri.query ? "?#{uri.query}" : ""}"
            end
          
            session.delete(:destination_url)
            cookies.delete(:destination_url)
          
            sso = DiscourseConnect.generate_sso(return_path, secure_session: secure_session)
            connect_verbose_warn { "Verbose SSO log: Started SSO process\n\n#{sso.diagnostics}" }
            redirect_to sso_url(sso), allow_other_host: true
          end

The SSO provider site is then expected to handle the case of users who are already logged into the site. Here’s how the WP Discourse plugin handles it:

github.com

discourse/wp-discourse/blob/main/lib/sso-provider/discourse-sso.php#L148-L171


      
          			} else {
          				$sso_secret = $this->options['sso-secret'];
          				$sso        = new SSO( $sso_secret );
          				if ( ! ( $sso->validate( $payload, $sig ) ) ) {
          					return $this->handle_error( 'parse_request.invalid_sso' );
          				}
          
          				$current_user = wp_get_current_user();
          				$params       = $this->get_sso_params( $current_user );
          
          				try {
          					$params['nonce'] = $sso->get_nonce( $payload );
          					$q               = $sso->build_login_string( $params );
          				} catch ( \Exception $e ) {
          					return $this->handle_error( 'parse_request.invalid_sso_params', array( 'message' => esc_html( $e->getMessage() ) ) );
          				}
          
          				do_action( 'wpdc_sso_provider_before_sso_redirect', $current_user->ID, $current_user );
          
          				if ( ! empty( $this->options['verbose-sso-logs'] ) ) {

This file has been truncated. show original

That code (what follows the else statement) handles the case of users who are already logged into WordPress. They are redirected back to the URL that’s supplied by the return_path query param. So from the user’s point of view, they are taken directly to the return path URL, but what actually happens is that they are redirected to the SSO provider site, then back to Discourse.

I think the problem on your site is that your SSO code isn’t handling the case of users who are already logged into the site.

I don’t have things setup to test this right now. It’s possible that I’m reading the code incorrectly. Before looking at the code, I thought that a check was run on the Discourse end to see if the user was already logged into Discourse, but that does not seem to be the way it works.

hosna · July 18, 2024, 4:24pm

thank you very much for your explanation.

Yes that is a thing we are going to fix in our sso.

However

I think having this checked on discourse side would have created a better user experience.

Topic		Replies	Views
Connection and discourse account creation without going on discourse sso	2	1115	October 25, 2022
After successful login, how do I redirect to my Discourse URL with logged in state (SSO)? sso	2	1858	January 6, 2021
Any other way to authenticate user without redirecting to session/sso sso	2	897	November 7, 2022
SSO failover scenarios sso	0	501	November 1, 2022
How to create a login on my front-end application to a specific Discourse site? dev	10	2023	December 14, 2022

Create a DiscourseConnect login link

Related Topics