Discourse as identity provider: closing login dialog doesn't redirect to return url

I use Discourse as a SSO consumer provider, meaning Discourse is the source of truth.

When I redirect my users to the SSO link:

  • If login is successful, they are redirected back to the return_url parameter, as expected.
  • If they close the login modal (or the account creation modal), they stay on the forum page and never get back to my web site.

A workaround that seems to work (code to be put in a plugin initializer):

  // In case this is a SSO login...
  if (window.location.pathname === '/login') {
    // Put a hook on the closeModal function, so that we redirect user
    // to the original web site if he closes the login or create-account modal
    ApplicationRoute.reopen({
      actions: {
        closeModal() {
          if ($('.modal.login-modal, .modal.create-account').length) {
            location.href = document.referrer
          } else {
            this._super()
          }
        }
      }
    })
  }
2 Likes

Why would this be expected behavior?

EDIT: I’ve edited my first post, sorry for the confusion. I’m using Discourse as an identity provider.

Consider a user reading a page on a web site. The web site uses Discourse both for its ‘forum’ section and as an identity provider. In order to perform an action (outside of the forum), the user needs to login. Then:

  • Scenario 1: user enters his credential, login succeeds, user comes back to where he was and can continue.
  • Scenario 2: user changes his mind and decides he doesn’t want to log in. If he uses the ‘back’ button, he comes back to where he was and can continue. If he uses the X button to close the modal or hit the ESC key, he lands in the discussion forum. I think he should go back to where he was instead.
2 Likes

Any new developments with this @codinghorror ?

We also really want to use discourse as login provider from our main site, but canceling the login/account creation and just ending up on the forums isn’t really a good option. As people might not know about the forum at all yet.

We just need to call the login box on its own and be able to return safely to where we call it from.
So maybe a more stylable option rich login box/account creation for SSO is needed? So it can be used in a popup or standalone.

This way we will have the security and safety of good account creations of discourse and natural SSO integration.

So please consider it.

Have you actually tried it? It might already be fixed.

1 Like

Yes of course we tried it in the latest discourse.

Still doesn’t work - the login box can just be closed by clicking on the X icon and the user is left on the forum… while it is a SSO session…

It will be just really useful to have these SSO options:

  1. Allow the user to close login
  2. Dim completely the forum behind the login (or allow the login to be called stand alone)
  3. Add a custom message in the login box to explain more the SSO login

Those options will be really useful for SSO logins when using Discourse as login provider.

Please consider implementing them.

1 Like

You mean, “close the login and be redirected back to the previous site”?

That’s already done and can be customized via CSS.

You can do that in a theme by overriding the login-modal template.

Yes indeed - when login box is closed user should just be redirected back.

But as it is the same login box for regular login and SSO login - how can you distinguish the styling?
Or is there a special css class applied when called as SSO login?

Same as above … how can we style and customize the SSO login only? but not the regular