Discourse Connect Flow

We are looking to build a community using discourse APIs. We are facing an issue the flow.

Our Front end is a react app and the BE is based on NodeJS with a MS architecture. We manage all the authentication flow on our end.

From my understanding of Discourse Connect is,

  1. FE creates the payload, with a nonce, user Information and then makes a call to example.com/session/SSO ?sso=xx&sig=xx

  2. DIscourse then makes a call back to the discourse_connect_url, wherein I will validate the payload and then return the redirect url and users will be redirected to the discourse.

However, when I create the payload with user information, I am not able to propagate it from my Front End to Discourse and then to Backend. Can somebody help me out or is my understanding correct? I searched the forum too with expected solutions but to no avail.

Note that when I hardcore user information from BE, I am able to login users to discourse.

I want our website to be the authentication providers for the discourse, and propagate user information from Front End to BE. Can somebody help me with the flow or maybe some examples for the Javascript?

1 Like

Hi Ankit,
The flow is actually reverse of what you described. When you setup Discourse Connect on your site:

  1. Clicking the login button will take you to discourse_connect_url with 2 get params sso and sig.
  2. The user will enter their credentials on the discourse_connect_url and will be authenticated by your site, if the auth is successful, then you need to decode the sso and follow the further steps as described in Discourse Connect topic.

I have a similar flow issue, I donā€™t want my user to access the Discourse and click on login, I need my user to access my platform and click on the Access Discourse button and access the Discourse transparently.

Is it possible for my platform to generate a ā€˜nonceā€™ for my user using api in a safe way, without them having to access the Discourse before and click on login?

Note: I can do this myself by accessing the Discourse and clicking the button for them, without them knowing, but this is not safe for the application.

The simplest option is to have the ā€œAccess Discourseā€ button be a link to /login on the forum.