Find user by external ID (SSO)


(Michael Congiusta) #1

For those of us making use of SSO, being able to find a user by their external ID would be very helpful. It would make linking profiles etc. much more straightforward in cases where username requirements may not fully map 1:1.

From my current understanding, external_id isn’t currently stored in the User model, but is passed as part of the payload. Could this data also be saved to the user model directly?


(Michael Congiusta) #2

Did some further digging - storing external_id is probably redundant as it’s stored in SingleSignOnRecord. Perhaps it would make more sense to add an API endpoint could be added to convert the external_id to user_id?


(Jeff Atwood) #3

I agree with this can we make sure it is on the SSO todo list @sam?


(Sam Saffron) #4

This exists now as its a custom_field, will see if I can add a find user by custom field general route.


(Dean Peterson) #5

I found it: users/by-external/:external_id


(Sascha Hlusiak) #6

Where would I find documentation for this? I’m looking to find users by external_email or external_username.


(Joshua Rosenfeld) #7

I’m not sure any formal documentation exists. What exactly are you looking to do? A specific example would make it much easier to provide you with the details (or link to a topic) that you need.


(Sascha Hlusiak) #8

We may have a bit of an unusual scenario but we’d like to integrate Discourse into multiple separate instances of our webapp, so effectively we have lots of IdPs and only one single Discourse instance.

These users have different external_ids but the same email address. Discourse will look up users by external_id and if not found will look them up by the email address and update the external_id if found.

This effectively makes discourse merge our external users, which is very nice, making the email address the only unique identifier as the external_id in discourse changes. To fetch notifications we’d like to look up a user by the external email address as the external_id does not necessarily match any more.

Is this possible?


(Joshua Rosenfeld) #9

That’s beyond my SSO knowledge, sorry.

I saw that you made a dedicated #dev:sso topic very similar to this, as this question is related, I’d suggest coalescing all discussion in one topic.