Discourse Connect Flow

Ankit_Kumar_Jha · April 28, 2023, 3:26am

We are looking to build a community using discourse APIs. We are facing an issue the flow.

Our Front end is a react app and the BE is based on NodeJS with a MS architecture. We manage all the authentication flow on our end.

From my understanding of Discourse Connect is,

FE creates the payload, with a nonce, user Information and then makes a call to example.com/session/SSO ?sso=xx&sig=xx
DIscourse then makes a call back to the discourse_connect_url, wherein I will validate the payload and then return the redirect url and users will be redirected to the discourse.

However, when I create the payload with user information, I am not able to propagate it from my Front End to Discourse and then to Backend. Can somebody help me out or is my understanding correct? I searched the forum too with expected solutions but to no avail.

Note that when I hardcore user information from BE, I am able to login users to discourse.

I want our website to be the authentication providers for the discourse, and propagate user information from Front End to BE. Can somebody help me with the flow or maybe some examples for the Javascript?

fzngagan · April 28, 2023, 6:35am

Hi Ankit,
The flow is actually reverse of what you described. When you setup Discourse Connect on your site:

Clicking the login button will take you to discourse_connect_url with 2 get params sso and sig.
The user will enter their credentials on the discourse_connect_url and will be authenticated by your site, if the auth is successful, then you need to decode the sso and follow the further steps as described in Discourse Connect topic.

Igor_Rezende · July 29, 2023, 1:13pm

I have a similar flow issue, I don’t want my user to access the Discourse and click on login, I need my user to access my platform and click on the Access Discourse button and access the Discourse transparently.

Is it possible for my platform to generate a ‘nonce’ for my user using api in a safe way, without them having to access the Discourse before and click on login?

Note: I can do this myself by accessing the Discourse and clicking the button for them, without them knowing, but this is not safe for the application.

supermathie · May 3, 2024, 4:50am

The simplest option is to have the “Access Discourse” button be a link to /login on the forum.

Topic		Replies	Views
How to create a login on my front-end application to a specific Discourse site? Dev	10	2192	December 14, 2022
Discourse doesn't redirect to return_sso_url after user logs in on private site Support	5	3981	November 29, 2018
Create a DiscourseConnect login link Integrations sso , discourseconnect , how-to	6	5037	September 25, 2024
Discourse SSO using auth0 via URL SSO	5	3517	November 12, 2018
Connection and discourse account creation without going on discourse SSO	2	1193	October 25, 2022

Discourse Connect Flow

Related Topics