Discourse seamless login with external site

(Rana Muhammad Ahsan) #1

I’m using sso to login discourse via an external site. What I want is to login in my discourse forum automatically when I login at my external site. How can I achieve this? For example I open my website xyz.com, and after logging in I click on Forum, which brings me to discourse and I’ve again login here which is not seamless. Any kind of help will be appreciated. Thanks

(Rafael dos Santos Silva) #2

If you have SSO and login_required turned on it is seamless.

(Rana Muhammad Ahsan) #3

@Falco I’ve enabled both SSO and login_required, but I’m sorry its no where near seamless. If I try to access my forum site directly, it will redirect to my external site’s login page which it should do only when I click on login button on my forum. Secondly, when I login at my external site, and press forum, it again take me to the login page with sso query params although I’m already logged in.

(Carlo Kok) #4

Your SSO implementation should redirect back (ie properly finish the SSO login) immediately if you’re already logged in there.

(Kai Liu) #5

The easy way is to link to your forum by URL like forum.example.com/session/sso. The extra /session/sso part will cause Discourse to login via SSO without needing to click the login button.

And you’d better implement some logic in you site, only append the /session/sso part when the user is already logged in on your site. If the user is not, that part of URL will cause Discourse to do a SSO login which results in forcing the user to login. That may not be what you want if you allow anonymous browsing.

(Rafael dos Santos Silva) #6

So your login page is broken.

If you are already logged in, you should have a valid cookie for the login page.

When you go to the forum, the login_required will trigger a immediate login, since you have a valid cookie the login page will just redirect the user back to the forum and the forum will appear after 3 redirects (that should take less than 500ms),

(Reinchek) #7

Sorry @kraml, so there is only the SSO way? Or is it possible to login also through REST API without sso?