DiscourseConnect Provider Questions

I am going to enable DiscourseConnect Provider and have a few questions:

  1. Can I still impersonate users and have access to all User Admin controls within Discourse after enabling this?

  2. What happens to those who already exist on Discourse, but not WP? Will their account be effected, what credentials would they use to login, since they don’t actually exist on WP.

  3. how can I add a signup button on my Discourse website the redirects them back to discourse after signing up on WP?

  4. Is there any way that users can still sign up ONLY on discourse with this setting enabled.

Thanks!

Yes, except things that have to do with creating users like invites.

If they can log in to WP with the same address, I think you’ll be ok. Else, they don’t exist.

The login button slyly take them to the WP site

No.

2 Likes

what did you mean by this?

So I just tested this. I took an account that exists on Discourse but not on Wordpress and tried to login and WP gave the following errors:
Screenshot 2023-07-01 220001
Screenshot 2023-07-01 220024

Which I guess makes sense from WP perspective since the user doesn’t actually exist on WP.

The question is: would enabling DiscourseConnect Provider mean that existing Discourse users, that are not registered on my WP, can’t log in anymore?
Is there a solution to this?

When you click the login button you are taken to WP.

Yes. You will need to create those users on WordPress.

I did find this response which expands on what you suggested:

But how can I import them into WP without affecting their current discourse login credentials?
Is there any way to do this without resetting the user’s logins or even notifying them at all so it’s a seamless switch?

I doubt it. There is a Discourse plugin that will allow migrated passwords from wordpress, but I doubt there’s one that goes the other way. You’ll have to get them all to reset their password.

Until you switch to using the WP login what accounts are on WordPress doesn’t affect discourse.

1 Like

I have an idea.

What if I was to enable WordPress as a Discourse Client and then create an automation script that will:

  1. Impersonate a user account on Discourse so that the automation is logged in as the user

    • Navigate to Wordpress and click “Login with Discourse” button.
  2. repeat for all users that exist on Discourse. Around 2k

The idea is that step # 2 will force WP to create an account for the Discourse user with the same credentials. I am also assuming that the “Login with Discourse” button will work automatically without asking for a password when I am logged in as the user, impersonating them.

Once I do this will all users, their accounts would exist inside WP and then I can switch WP to Discourse Provider?

It seems like it makes sense in theory, but would love to hear your feedback on if this could work.

Right. If the user doesn’t exist in WordPress, they can’t log in to WordPress.

You don’t need to impersonate anything.

If you want WordPress to be your authentication source

  • create all of the users in WordPress. See that the email address in WP matches Discourse
  • switch Discourse to using WP as DiscourseConnect host

You’ll have to get people to reset their passwords in WordPress.

What problem is moving authentication to WordPress going to solve? I think you’re going to be sorry that you did this.

We have multiple premium member courses and events that are taking place on our WP website and I want to have seamless integration between WP and Discourse.

What are the downsides to doing this? and why do you say this…

OK. Then if you have Discourse users in WordPress, then you will need to make all of those users have an account in WordPress. If they create it with the same email address, they should be connected with their Discourse user when they log in.

I don’t know what else to say.

1 Like

As Jay noted, the best way to accomplish this is to configure your WordPress site to be the SSO provider for Discourse. Have a look at this topic for details about how to set it up: Configure single sign-on (SSO) with WP Discourse and DiscourseConnect.

After configuring WordPress as the DiscourseConnect provider, Discourse users who do not yet have accounts on your WordPress site will need to signup on WordPress before they can access your Discourse site. You should add a message to your Discourse site to tell users about the change. In the message, encourage users to signup on WordPress with the same email address as they are using on Discourse. That way they will be logged into their existing Discourse account the first time they log back into Discourse via WordPress.

If users do not register on WordPress with the email address they are using on Discourse, a new account will be created for them the first time they log back into Discourse via WordPress. You can resolve this issue on a case by case basis by merging the old Discourse account into the new Discourse account. This can be done from the user’s Discourse admin page.

One thing to note is that the behaviour of users being logged into their existing Discourse account will only work if email addresses are being marked as “valid” on the WordPress end. If you are using the default WordPress registration system, this will work without any issues. If you are using a custom registration page that has been added by a plugin, it is likely that users email addresses will not be marked as “valid.” Details about how to resolve this issue are here: Configure single sign-on (SSO) with WP Discourse and DiscourseConnect. Note that it is very important that you don’t just blindly accept email addresses without validating them in some way. If email addresses are not validated, you risk having existing accounts taken over.

4 Likes

How would we know?

here is my registration page: Log In ‹ Project Van Life — WordPress

Its designed different because of my theme but I know we don’t have a dedicated plugin for login.

It looks like you are using the default WordPress registration system. I am assuming that because your login page is at wp-login.php. This means that the WP Discourse plugin will mark user’s email addresses as verified.

3 Likes

Another question about this.

Does Discourse still send emails when Discourse Connect Provider is setup, does Discourse still send email notifications to WP users?

How does it work if someone is a WP user but never accessed the forum, vs someone who is a WP user and is accessing the forum.

Yes, Discourse will still send them emails. Email notifications sent from Discourse are not affected by using Discourse Connect as the authentication system.

A user on your WordPress site who has never accessed Discourse is not considered to be a user on Discourse. They will not receive any email notifications from Discourse. The only exception to this is if you enable the WP Discourse “Create or Sync Discourse Users on Login” setting:

If that setting is enabled, a Discourse account will be automatically created for users when they login to your WordPress site. In that case, if a user has logged into WordPress, but never visited your Discourse site, they will start receiving the weekly digest email from your Discourse site.

3 Likes

So I just tested this and it doesn’t seem to be the case. how can I make sure users’ emails are verified now without having to do it manually?

Also, how can new users sign up and also get their email verified? Currently, we send them to wp-login.php which has no option for signing up, only logging in.

I can create a new button on the forum which says ‘sign up’ and sends them to a custom sign-up page within WP but then this is an issue:

In addition to this, after they sign up I would want to redirect them back to the Forum and make sure they are logged in.

I am also exploring another approach which I believe would make things easier from the users prespective and would love to hear you’re thoughts.

What if we were to manually export all Discourse users and import them into Wordpress. This process would

  1. Create a Wordpress account for each user that exists on Discourse

  2. link that account to their forum profile

  3. mark their email address as verified in WP. Since they are already Discourse users we can assume they are verified.

  4. Send them an email telling them to reset their forum password (because step 1 would reset it)

This way they don’t have to create a new account for themselves and only have to simply reset their password.

This process does not resolve the questions/issues I highlights in the reply above this one

You can confirm whether or not email addresses are being verified by creating a new account on WordPress after having enabled Discourse Connect. If email addresses are verified, you will see a confirmation at the bottom of the user’s preferences page. You can also manually mark an email address as verified from here:

Assuming email addresses are not being verified, instructions for how to have email addresses marked as verified when a user creates an account are here: Configure single sign-on (SSO) with WP Discourse and DiscourseConnect. This would be safe to do if your site is sending users a confirmation email that contains a link they need to click before they can access the site. If your WordPress site isn’t doing that, you could also add some code so that user’s email addresses are marked as verified after they have registered for one of your courses. Setting that up might require some help from a developer.

I’m seeing two separate login pages on your site:

The easiest thing to do would be to sort this out so that there is only one login page on the site, and the page contains a valid link to the site’s registration page. I suspect that can be accomplished via the settings page of the plugin that is adding the login form. Note that if you choose to use the login page at https://projectvanlife.com/login/ , you will need to add /login to the “Path to your Login Page” in the WP Discourse settings:

I think this might confuse users. An easier approach would be to just add a link to your Discourse forum that is structured so that users are automatically logged into Discourse when they click the link. Here are details about how to create the link: Create a DiscourseConnect login link. Once DiscourseConnect is enabled on your site, you should also structure this link in that way:

That is possible. Some details about how to do it are here: How to import Discourse users to WordPress? - #2 by simon. The main problem I see is that you’d be creating work for yourself without making things much easier for your users. If it was me, my concerns would be that users might not get or read the email and some users might not be happy about having a new account created on their behalf. There’s also a potential security issue unless the importer plugin you use has a way of forcing users to change their passwords after their first login.

It would be a lot easier to just create a banner topic in your “staff” category with details about the change. The wording in the screenshot could be improved a bit:

Once you’ve made the change, update the banner topic to let users know to contact an admin if they run into any issues logging in.

I just thought of something that might help. You could temporarily configure your Discourse site to be the DiscourseConnect provider for your website between now and the time that you set your WordPress site to be the DiscourseConnect provider. If you did that, you could add something like the following to the banner topic:

Here’s the full link that I’ve used:

<a href="http://wp-discourse.test/?discourse_sso=1&redirect_to=http://wp-discourse.test/wp-admin/profile.php" target="_blank">Create an account on (your website name)</a>

Clicking it will register a new account on WordPress and redirect users to their WordPress profile page where they can set a password. Note that for your case you will need to replace both uses of http://wp-discourse.test in the link with https://projectvanlife.com/

4 Likes

@simon thank you SOO much for your detailed response this was all extremely helpful!

This is a great idea!

What if we were to impersonate each user and do this for them? Would that cause any issues?

Does this approach also keep their login password the same after we switch to Wordpress to the Discourse Connect Provider?

3 Likes

I don’t think it would cause any issues.

Setting WordPress as the DIscourseConnect provider will not change the user’s WordPress password.

3 Likes