Desired URL lost if `login required` is enabled and social logins are used


(Jay Pfaffman) #1

If you visit https://discourse.fictiousexample.com/t/my-fine-topic/12345 and login required is enabled, you’re redirected to https://discourse.fictiousexample.com/. Then you have to click the login button, and then you’re redirected back to the home page rather than the topic that you wanted in the first place.

What I would expect to happen (and what my client using auth0 wants to happen) is when you access a topic and are not logged in, you’d go straight tot the log in and be redirected to the topic after you’re logged in.

I thought at first it was a problem with GitHub - auth0/discourse-plugin: Discourse plugin to authenticate with auth0., but the problem seems to be with the login required setting rather than the plugin.

This seems similar to the problem of trying to access a protected topic when you’re not logged in. What happens in that case is you get a 404 and are then on your own to log in and try again to access that URL.

Would it be possible to when hitting a route that is protected to give the user an opportunity to log in before giving up?


(David Taylor) #2

My forum is login-required, and it works for me. I visit a link to a topic, get prompted to login, then am returned to the topic.

I’m using the standard Discourse login system. It could be that the auth0 flow is ‘forgetting’ the original topic along the way…


(Jay Pfaffman) #3

Aha! I stand corrected!

It does work if I log in directly with Discourse, but if I log in with Google, then I get dumped back at the home page rather than the desired topic.

Trying to access a #lounge topic on meta when logged out. . .

image

Hey! I don’t remember seeing that before! And if I log in with Google, I’m redirected as I expect. This is different from the login required case that I started on, but accessing a locked URL when logged out is as close as I can come on meta and try.

I’ll rebuild on my site and see if this is a fixed regression.

Edit: OK. I did a rebuild on my login required site and it’s still the case that if I am logged out and visit a topic, if I log in with Google, I’m redirected to the home page, but if I log in with a Discourse username and password, I’m dumped at the home page rather than the topic page.

This seems like a bug.


(Jeff Atwood) #4

@eviltrout is this also true with SSO? It seems “redirect to original link you wanted to visit” only works with Discourse logins at the moment?


(Simon Cossar) #5

This works properly with SSO for login-required forums. The original link is passed as session[:destination_url] to /session/sso and then saved. It also works if you create an external SSO link with a return_path parameter:

http://forum/example.com/session/sso?return_path=http://forum.example.com/t/test-topic/123


(Jeff Atwood) #6

So this only fails for social logins, then?