I believe this is already how it works if you don’t have SSO - a user who is invited via email doesn’t need to activate their email, as the email link itself counts as the activation.
However I’m using WordPress as the SSO and if I invite someone there is a laborious process of first being sent to the login screen, having to click register, fill out the form, then need to validate my email, then when you finally land on the forum you have to click “login”, all before getting in.
Is there a way I can:
Make the invite link default to going to my Register page, not the login page
Hey no sorry for the confusion I mean using the Discourse invite system.
I want to encourage people to invite their friends and get the badges related to that. But currently the sign up process is very tedious after being invited.
Also FYI I had it set to make invited people TL1 but it ignored that in my testing and set it to TL0.
As far as I understand it, it is not currently possible for a DiscourseConnect Provider client to distinguish between a login request originating from an invite and a login request originating from a normal login. In other words, this is how it works
User A creates an invite in Discourse.
User B goes to invite link (in Discourse).
Because DiscourseConnect is setup Discourse redirects User B to Wordpress.
Currently, I don’t think it’s possible for the WP Discourse plugin to distinguish between a request coming in like 3 (i.e. redirect from an invite) and a request coming in from when a user just clicks “log in” in Discourse. In other words you’d have to redirect all incoming authentication requests to registration, which is probably not what you want.
@Shauny In short, there’d need to be an update in the DiscourseConnect protocol itself (i.e. how it works in Discourse) for the invite flow to work in the way you want.
Removing the verification email, besides being insecure, has the same issue.
There’s no way to distinguish between the scenario you’re envisaging and other scenarios on the Wordpress side of things. Even if that were possible, it’d still not be advisable as you can share an invite link without ever emailing it to someone.
So, the auto-redirect to registration may be possible if there’s an update to the DiscourseConnect protocol, but removing email verification is probably not possible (without compromising the security of your site).
But if you email the invite link and they click the link from the email, you’ve already verified their email address. If you don’t use SSO, this all just works and no further email verification is required!
From what I understand, in it’s current state, there is no way for Discourse to tell the SSO provider that the email was verified by an invite, and the SSO isn’t telling Discourse that either.
There really should be a way to remove email activation in the core product. I have Discourse set up with SSO and the email verification step is adding a lot of friction for new users.
There is this plugin which turns it off but unfortunately I don’t have access to install plugins where I’m hosting (and it doesnt seem to work for everyone): Disable Email Verification for Discourse Plugin
It’s quite frustrating not being able to turn email activation off and there are many posts over the years with different people struggling with this. The core product should let Admins run a server the way they want.