Our aim is to use Wordpress as a repository for static content such as photo and file libraries, and photo essays. We have a load of old static content which we wish to host on the Wordpress site, and our “For Sale/Wanted” section is on the Wordpress site (using AWPCP). To that end, using Discourse as our SSO provider is just what we were looking for… however.
The functionality just kind of happens. How difficult would it be to add a Discourse log similar to admin/logs/staff_action_logs which tracked Login and SSO events?
I’m thinking of something along the lines of a log with columns for
Action: Created WP account, Accessed WP account, Failed SSO request
Details: Error message (in the case of a failed SSO access)
When a user already has a preexisting account on WP, but the passwords aren’t identical if they try to use the SSO to login the error message is:
The email address supplied by Discourse does not match your account. Probably a user other than yourself is logged into Discourse on your device. Please try visiting the Discourse forum and logging that user out. You should then be able to sync your account with Discourse.
This was a user with identical email and username, but different passwords.
Could the Plugin restrict account creation to only discourse users? Despite having the Akismet plugin on our WP we’re averaging something like 50 account creations per day.
At the moment the plugin is open to any discourse user. It would be nice if we could limit that, either by Trust Level, or by group membership.
With group membership throttling you could do something like only members of the group WP_Subscriber can use the SSO. Taking it to the next level you could map groups to roles in WP (i.e. WP_Subscriber>>Subscriber, WP_Contributor>Contributor)