External SSO provider login link


(Dominic Hargreaves) #1

In order to improve the user experience when moving between our main site and Discourse, we are considering detecting how the user has logged into our main site and customizing the link to the community site to initiate a login using the relevant SSO provider (Google and GitHub, so far).

I couldn’t find any evidence of a suitable URL which automatically triggers said login process. Is this feasible to add (or did I miss it already being there)?

Ideally it would recognise which identity was used at the original site and pass that along to prevent the account chooser from appearing (this applies to Google, but probably not GitHub), but that would be the icing on the cake.

Thanks!
Dominic.


(Sam Saffron) #2

This kind of transparent auth can be built, but it's complicated because you would have to write a custom auth provider and ship a plugin.

The simple alternative is to simply enable SSO and force everyone to log in to the forum via the main site (a page you create).


(Dominic Hargreaves) #3

Thanks for your reply. I’m not certain I’ve explained my suggestion well, because I would not have expected it to be such a major change.

I’m looking for a URL of the form

https://discourse/login_sso_dispatcher?provider=google

which would have the same effect as clicking on the relevant login button (but the action that takes is shrouded in JavaScript).

Implementing an SSO provider on the main site might be possible but would introduce a hard dependency on that site which might be worth avoiding.


(Sam Saffron) #4

I am still not following. Can you describe, step by step, how you expect this to work with a few use cases?


(Dominic Hargreaves) #5

The user visits our main site. They may choose to log in with Google accounts, GitHub accounts or internal accounts specific to our site. They might also choose not to log in.

They then choose to visit our Discourse instance via a link on our main site.

If they are logged in with an external SSO provider, the link on our site should point to a link on Discourse which automatically initiates the SSO login sequence with the same provider, if they are not already logged into Discourse.

Otherwise, they are sent to the main Discourse page, and can log in manually if they choose.


(Sam Saffron) #6

Should be pretty simple.

This will initiate an SSO session:

http://talk.folksy.com/session/sso

This simply visits the site: