Fake authentication provider for development/testing purposes

:information_source: for local development use only. Not useful for production sites

When working on Discourse locally, it’s useful to be able to test all the different login methods. Most of the time, we don’t care about the actual auth process, we just want to know how Discourse will react to different inputs. e.g.

  • What happens if the email isn’t verified?
  • What happens if the auth provider doesn’t send us an email address?
  • What happens if the auth provider doesn’t send us a username?
  • What happens if the email matches, but not the UID?
  • How do invites work when external auth is used?
  • What does the login screen look like?
  • (I could go on forever here… but you get the idea)

Until now, the only real option has been “set up real Google/Twitter/OAuth2/etc. auth on your dev environment”. This works, but it’s super tedious, and then you’re stuck creating multiple Google/Twitter accounts to test different combinations.

I’ve made something a little more streamlined:

If you install this plugin locally, it will give you a fake authentication provider. As far as Discourse is concerned, it works the same as any other provider (e.g. Google, Twitter, OAuth2, OIDC, etc.).

When you start the login flow, you’ll be shown this screen, where you can manually enter whatever data you like. Submitted values will be remembered via a cookie, so you can repeat the same action easily. The fields match up to the Omniauth Auth Hash Schema.

It uses the ManagedAuthenticator system, so data will be stored in the user_associated_accounts table with a provider_name of developmentauth .

It also supports DiscourseConnect! To try this out, just install the plugin and turn on the enable_discourse_connect setting. Next time you log in, you’ll see all the DiscourseConnect fields ready to use.

Please give it a try next time you’re working on Auth, and let me know if there’s anything that can be improved :slight_smile:

:philosoraptor: Note that this is the most insecure authentication plugin ever invented. Therefore, it will refuse to boot in a production environment, and you must set the DISCOURSE_DEV_ALLOW_ANON_TO_IMPERSONATE environment variable to 1 for it to work