Discourse as identity provider: closing login dialog doesn't redirect to return url


#1

I use Discourse as a SSO consumer provider, meaning Discourse is the source of truth.

When I redirect my users to the SSO link:

  • If login is successful, they are redirected back to the return_url parameter, as expected.
  • If they close the login modal (or the account creation modal), they stay on the forum page and never get back to my web site.

#2

A workaround that seems to work (code to be put in a plugin initializer):

  // In case this is a SSO login...
  if (window.location.pathname === '/login') {
    // Put a hook on the closeModal function, so that we redirect user
    // to the original web site if he closes the login or create-account modal
    ApplicationRoute.reopen({
      actions: {
        closeModal() {
          if ($('.modal.login-modal, .modal.create-account').length) {
            location.href = document.referrer
          } else {
            this._super()
          }
        }
      }
    })
  }

(Jeff Atwood) #3

Why would this be expected behavior?


#4

EDIT: I’ve edited my first post, sorry for the confusion. I’m using Discourse as an identity provider.

Consider a user reading a page on a web site. The web site uses Discourse both for its ‘forum’ section and as an identity provider. In order to perform an action (outside of the forum), the user needs to login. Then:

  • Scenario 1: user enters his credential, login succeeds, user comes back to where he was and can continue.
  • Scenario 2: user changes his mind and decides he doesn’t want to log in. If he uses the ‘back’ button, he comes back to where he was and can continue. If he uses the X button to close the modal or hit the ESC key, he lands in the discussion forum. I think he should go back to where he was instead.