Discourse seamless login with external site

I’m using sso to login discourse via an external site. What I want is to login in my discourse forum automatically when I login at my external site. How can I achieve this? For example I open my website xyz.com, and after logging in I click on Forum, which brings me to discourse and I’ve again login here which is not seamless. Any kind of help will be appreciated. Thanks

If you have SSO and login_required turned on it is seamless.

5 Likes

@Falco I’ve enabled both SSO and login_required, but I’m sorry its no where near seamless. If I try to access my forum site directly, it will redirect to my external site’s login page which it should do only when I click on login button on my forum. Secondly, when I login at my external site, and press forum, it again take me to the login page with sso query params although I’m already logged in.

Your SSO implementation should redirect back (ie properly finish the SSO login) immediately if you’re already logged in there.

1 Like

The easy way is to link to your forum by URL like forum.example.com/session/sso. The extra /session/sso part will cause Discourse to login via SSO without needing to click the login button.

And you’d better implement some logic in you site, only append the /session/sso part when the user is already logged in on your site. If the user is not, that part of URL will cause Discourse to do a SSO login which results in forcing the user to login. That may not be what you want if you allow anonymous browsing.

4 Likes

So your login page is broken.

If you are already logged in, you should have a valid cookie for the login page.

When you go to the forum, the login_required will trigger a immediate login, since you have a valid cookie the login page will just redirect the user back to the forum and the forum will appear after 3 redirects (that should take less than 500ms),

2 Likes

Sorry @kraml, so there is only the SSO way? Or is it possible to login also through REST API without sso?

Hi @Rana_Muhammad_Ahsan

If I’m understanding you correctly, I’ve been looking for the same thing. This is how I solved it. I only set up Discourse today, so any experts please let me know if there’s a better solution.

In your main site backend, request the headers for the /session/sso page and extract the sso and sig from the redirect URL. Then use those values to create your payload and send your users off seamlessly :slight_smile:

Here’s an example of how you could do it with PHP:

// Fetch the SSO and SIG from Discourse site
$url = 'https://www.example.com/session/sso';
$headers  = (get_headers($url, 1));
$parts   = parse_url($headers['Location']);
parse_str($parts['query'], $query);
$payload   = $query['sso'];
$signature = $query['sig'];

@rbrlortie This is before that step. I use discourse-php after my code to process the payload.

This is to send people straight to Discourse with an authenticated session rather than having them visit the /session/sso link and getting directed back to your main site, and THEN getting directed back to Discourse.