Create a DiscourseConnect login link

simon · July 18, 2024, 12:54pm

I think what is happening is that when you visit a route like https://forum.example.com/session/sso?return_path=/t/some-slug/23, Discourse redirects you to the discourse connect url, regardless of whether you are logged into Discourse or not. That happens here:

github.com

discourse/discourse/blob/main/app/controllers/session_controller.rb#L25-L42


      
          def sso
            raise Discourse::NotFound unless SiteSetting.enable_discourse_connect?
          
            destination_url = cookies[:destination_url] || session[:destination_url]
            return_path = params[:return_path] || path("/")
          
            if destination_url && return_path == path("/")
              uri = URI.parse(destination_url)
              return_path = "#{uri.path}#{uri.query ? "?#{uri.query}" : ""}"
            end
          
            session.delete(:destination_url)
            cookies.delete(:destination_url)
          
            sso = DiscourseConnect.generate_sso(return_path, secure_session: secure_session)
            connect_verbose_warn { "Verbose SSO log: Started SSO process\n\n#{sso.diagnostics}" }
            redirect_to sso_url(sso), allow_other_host: true
          end

The SSO provider site is then expected to handle the case of users who are already logged into the site. Here’s how the WP Discourse plugin handles it:

github.com

discourse/wp-discourse/blob/main/lib/sso-provider/discourse-sso.php#L148-L171


      
          			} else {
          				$sso_secret = $this->options['sso-secret'];
          				$sso        = new SSO( $sso_secret );
          				if ( ! ( $sso->validate( $payload, $sig ) ) ) {
          					return $this->handle_error( 'parse_request.invalid_sso' );
          				}
          
          				$current_user = wp_get_current_user();
          				$params       = $this->get_sso_params( $current_user );
          
          				try {
          					$params['nonce'] = $sso->get_nonce( $payload );
          					$q               = $sso->build_login_string( $params );
          				} catch ( \Exception $e ) {
          					return $this->handle_error( 'parse_request.invalid_sso_params', array( 'message' => esc_html( $e->getMessage() ) ) );
          				}
          
          				do_action( 'wpdc_sso_provider_before_sso_redirect', $current_user->ID, $current_user );
          
          				if ( ! empty( $this->options['verbose-sso-logs'] ) ) {

This file has been truncated. show original

That code (what follows the else statement) handles the case of users who are already logged into WordPress. They are redirected back to the URL that’s supplied by the return_path query param. So from the user’s point of view, they are taken directly to the return path URL, but what actually happens is that they are redirected to the SSO provider site, then back to Discourse.

I think the problem on your site is that your SSO code isn’t handling the case of users who are already logged into the site.

I don’t have things setup to test this right now. It’s possible that I’m reading the code incorrectly. Before looking at the code, I thought that a check was run on the Discourse end to see if the user was already logged into Discourse, but that does not seem to be the way it works.

Topic		Replies	Views
Setup DiscourseConnect - Official Single-Sign-On for Discourse (sso) Integrations sso , discourseconnect , configuring , how-to	7	436095	September 12, 2024
Problem with WordPress <> Discourse SSO for logged in users WordPress	8	1129	March 13, 2023
Discourse a SSO provider for Wordpress WordPress	10	5711	May 23, 2020
Configure single sign-on (SSO) with WP Discourse and DiscourseConnect Administrators sso , wordpress , video , discourseconnect , how-to	3	4921	May 7, 2024
Discourse doesn't redirect to return_sso_url after user logs in on private site Support	5	3979	November 29, 2018

Create a DiscourseConnect login link

Related Topics