Doing SSO in the background?


(Faeron Sayn) #1

Disclaimer:
I’m very new to discourse and I was successfully able to set up an SSO for my app and discourse using the official discourse SSO.

## My Problem
One of my concerns is that if a user does decide to login to my application and then goes to discourse, the user won’t be logged in (which is how the SSO is intended to be). Even so, if the user decides to click on the login button on the discourse site, they’ll be redirected to the login page of the site that they are already logged into, which doesn’t work because that page is unavailable.


## My Question

My question is that is it possible to be able to have the user login in the background? Is there some sort of function that I can call or an api call to my discourse instance to have it login the user, so when the user does eventually visit the discourse instance they are already logged in?

I essentially want to have the user log in to discourse every time they log in on the main application. If there is some documentation for this, or how I should go about doing this, it would be great!

PS: Sorry if I put this in the wrong category.


(Kane York) #2

Yup. When they log in to your app, send them to:

http://discourse.example.com/session/sso?return_path=http://auth.example.com/after_discourse

(note, you shouldn’t use that exactly as I typed it - please properly urlencode the return path)


(Faeron Sayn) #3

@riking Is there some type of documentation for this? Will this be done seamlessly? I don’t want them to be redirected to discourse, I just want to let discourse know that this user has logged in. Do I send the user to this and have discourse authenticate, and just return the user back to the normal flow? In which case, I am wondering if the user will actually see the page reload?

This seems like the url that’s used for normal SSO with a return path attached. In any normal login this wouldn’t work because I wouldn’t have a payload / sig to use.


(Kane York) #4

They’ll basically get bounced back and forth.

  1. GET yoursite/login
  2. POST yoursite/login
  3. GET discourse/session/sso
  4. GET yoursite/discourse_sso?payload=…
  5. GET discourse/sso_login?payload=…&sig=…
  6. GET yoursite/after_discourse
  7. GET yoursite/homepage (logged in now)
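The bounce described in the thread works because the two sites share a secret and sign every hop. Below is an added example (not code from the thread or from Discourse itself) showing the two signed hops in the list above: step 4, where your site receives Discourse's request and verifies it, and the response it builds for step 5. It follows the DiscourseConnect (Discourse SSO) protocol: the inner payload is a URL-encoded query string, base64-encoded and carried in the `sso` parameter, with `sig` being hex HMAC-SHA256 of the base64 text under the shared secret. The secret, hostnames, and the sample user are constructed placeholders; the `/discourse_sso` path on your site is whatever you configured as the SSO URL. Discourse's own side of step 3 is simulated locally so the example runs offline.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed placeholder: must equal the sso secret configured in Discourse's admin settings.
SSO_SECRET = b"constructed-shared-secret-change-me"
# Constructed placeholder for the return endpoint on the Discourse side (step 5 in the thread).
DISCOURSE_SSO_LOGIN = "https://discourse.example.com/session/sso_login"


def sign(sso_b64: str, secret: bytes = SSO_SECRET) -> str:
    """HMAC-SHA256 over the base64 payload text, hex encoded; this is the `sig` value."""
    return hmac.new(secret, sso_b64.encode(), hashlib.sha256).hexdigest()


def signed_query(fields: dict, secret: bytes = SSO_SECRET) -> str:
    """Encode fields as an inner query string, base64 it, and attach its signature."""
    sso_b64 = base64.b64encode(urlencode(fields).encode()).decode()
    return urlencode({"sso": sso_b64, "sig": sign(sso_b64, secret)})


def verify_and_decode(query_string: str, secret: bytes = SSO_SECRET) -> dict:
    """Shared check used on both hops: reject a bad `sig` before trusting anything inside `sso`."""
    params = parse_qs(query_string)
    sso_b64 = params["sso"][0]
    sig = params["sig"][0]
    # Constant-time comparison so a tampered or forged payload is rejected without a timing leak.
    if not hmac.compare_digest(sign(sso_b64, secret), sig):
        raise PermissionError("bad SSO signature")
    inner = parse_qs(base64.b64decode(sso_b64).decode())
    return {k: v[0] for k, v in inner.items()}


def build_discourse_request(nonce: str, secret: bytes = SSO_SECRET) -> str:
    """Simulates step 3: what Discourse sends to your site (nonce plus where to send the answer)."""
    query = signed_query({"nonce": nonce, "return_sso_url": DISCOURSE_SSO_LOGIN}, secret)
    return f"https://auth.example.com/discourse_sso?{query}"  # constructed provider URL


def handle_discourse_sso(query_string: str, user: dict, secret: bytes = SSO_SECRET) -> str:
    """Step 4 on your site: verify the request, then answer with a signed identity for the logged-in user.

    `user` is whatever your own session already proves about the visitor; the nonce is echoed back
    unchanged so Discourse can tie this answer to the request it issued (nonces are single-use).
    """
    request = verify_and_decode(query_string, secret)
    response = signed_query(
        {
            "nonce": request["nonce"],
            "external_id": user["id"],
            "email": user["email"],
            "username": user["username"],
        },
        secret,
    )
    return f"{request['return_sso_url']}?{response}"


if __name__ == "__main__":
    # Constructed sample user; in a real app this comes from your own authenticated session.
    alice = {"id": "42", "email": "alice@example.com", "username": "alice"}
    incoming = build_discourse_request("constructed-nonce-1")
    redirect_to = handle_discourse_sso(incoming.split("?", 1)[1], alice)
    print("redirect user to:", redirect_to)
    # Discourse would now run the same verification on its side (step 5).
    print("Discourse decodes:", verify_and_decode(redirect_to.split("?", 1)[1]))
```

Two points matter for the "background login" the question asks about: the user must actually pass through these redirects in their browser (Discourse sets its session cookie on step 5, and a server-to-server call cannot do that), and your site must only answer step 4 for the identity in its own session, since whatever `external_id` and `email` you sign is what Discourse will log the visitor in as.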