Discourse seamless login with external site

(Rana Muhammad Ahsan) #1

I’m using SSO to log in to Discourse via an external site. What I want is to be logged in to my Discourse forum automatically when I log in at my external site. How can I achieve this? For example, I open my website xyz.com, and after logging in I click on Forum, which brings me to Discourse, and I have to log in again here, which is not seamless. Any kind of help will be appreciated. Thanks

(Rafael dos Santos Silva) #2

If you have SSO and login_required turned on it is seamless.

(Rana Muhammad Ahsan) #3

@Falco I’ve enabled both SSO and login_required, but I’m sorry, it’s nowhere near seamless. If I try to access my forum site directly, it will redirect to my external site’s login page, which it should do only when I click on the login button on my forum. Secondly, when I log in at my external site and press Forum, it again takes me to the login page with sso query params although I’m already logged in.

(Carlo Kok) #4

Your SSO implementation should redirect back (i.e. properly finish the SSO login) immediately if you’re already logged in there.

(Kai Liu) #5

The easy way is to link to your forum by a URL like forum.example.com/session/sso. The extra /session/sso part will cause Discourse to log in via SSO without needing to click the login button.

And you’d better implement some logic in your site to only append the /session/sso part when the user is already logged in on your site. If the user is not, that part of the URL will cause Discourse to do an SSO login, which results in forcing the user to log in. That may not be what you want if you allow anonymous browsing.

(Rafael dos Santos Silva) #6

So your login page is broken.

If you are already logged in, you should have a valid cookie for the login page.

When you go to the forum, the login_required will trigger an immediate login. Since you have a valid cookie, the login page will just redirect the user back to the forum, and the forum will appear after 3 redirects (that should take less than 500ms).
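The behaviour described in posts #4 and #6, sketched as an added example that is not part of the thread or of any poster's code: a login endpoint on the external site that verifies the incoming `sso`/`sig` pair and, when a session already exists, completes the SSO round trip without showing a form. The field names (`nonce`, `return_sso_url`, `external_id`, `email`) follow Discourse's SSO payload format; `SSO_SECRET`, the session keys and the `/login` path are assumptions.

```php
<?php
// Added example; SSO_SECRET, the session keys and /login are hypothetical names.
const SSO_SECRET = 'replace-with-shared-secret'; // must match the secret set in Discourse

// Check sig over the raw sso value; return the decoded fields, or null if invalid.
function verify_sso_request($sso, $sig): ?array {
    if (!is_string($sso) || !is_string($sig)) {
        return null; // rejects array-style parameters such as sig[]=x
    }
    if (!hash_equals(hash_hmac('sha256', $sso, SSO_SECRET), $sig)) {
        return null; // hash_equals compares in constant time
    }
    $decoded = base64_decode($sso, true);
    if ($decoded === false) {
        return null;
    }
    parse_str($decoded, $fields);
    return isset($fields['nonce'], $fields['return_sso_url']) ? $fields : null;
}

// Build the signed redirect back to the forum for an authenticated user.
function build_sso_redirect(array $fields, array $user): string {
    $payload = base64_encode(http_build_query([
        'nonce'       => $fields['nonce'], // echoed back unchanged
        'external_id' => $user['id'],
        'email'       => $user['email'],
    ]));
    $sig = hash_hmac('sha256', $payload, SSO_SECRET);
    return $fields['return_sso_url'] . '?'
        . http_build_query(['sso' => $payload, 'sig' => $sig]);
}

session_start();
$fields = verify_sso_request($_GET['sso'] ?? '', $_GET['sig'] ?? '');
if ($fields === null) {
    http_response_code(400);
    exit('Invalid SSO request');
}
if (isset($_SESSION['user'])) {
    // Already logged in: finish the SSO login immediately, no form shown.
    header('Location: ' . build_sso_redirect($fields, $_SESSION['user']));
    exit;
}
// Not logged in: keep the verified request so the login handler can call
// build_sso_redirect() after a successful login, then show the form.
$_SESSION['pending_sso'] = $fields;
header('Location: /login');
exit;
```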

(Reinchek) #7

Sorry @kraml, so there is only the SSO way? Or is it possible to login also through REST API without sso?

(Alan Grainger) #8

Hi @Rana_Muhammad_Ahsan

If I’m understanding you correctly, I’ve been looking for the same thing. This is how I solved it. I only set up Discourse today, so any experts please let me know if there’s a better solution.

In your main site backend, request the headers for the /session/sso page and extract the sso and sig from the redirect URL. Then use those values to create your payload and send your users off seamlessly :slight_smile:

Here’s an example of how you could do it with PHP:

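```php
// Fetch the SSO and SIG from Discourse site
$url = 'https://www.example.com/session/sso';
$headers = get_headers($url, 1);
// get_headers() follows redirects; with more than one hop, Location is an array.
// The first entry is the redirect issued by Discourse.
$location = is_array($headers['Location']) ? $headers['Location'][0] : $headers['Location'];
$parts = parse_url($location);
parse_str($parts['query'], $query);
$payload   = $query['sso'];
$signature = $query['sig'];
```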

(Alan Grainger) #10

@rbrlortie This is before that step. I use discourse-php after my code to process the payload.

This is to send people straight to Discourse with an authenticated session rather than having them visit the /session/sso link and getting directed back to your main site, and THEN getting directed back to Discourse.