I implemented Discourse as Identity Provider a few days ago in PHP.
Now where I have a example SSO Payload from my discourse site I wonder if there is a way to check if a user has been Approved. I don’t want Users that are only registered to be able to view the data on my PHP site.
Is there a way to check for this attribute or doesn’t discourse Connect work at all for not Approved Users?
If you have enabled the must approve users setting on your Discourse site, new users will not be allowed to log into Discourse until they have been approved by a staff member. This will also prevent the new users from logging into your PHP site until they have been approved on Discourse. If your PHP site is displaying a link to allow users to login via Discourse, when an unapproved user clicks the link, they will be taken to the Discourse login page, and see a notice like this if they attempt to login:
In case you are interested, here’s an example of the payload that is sent when an approved Discourse user attempts to login to a site via DiscourseConnect: