Hey all. This question is to the developers, including @codinghorror possibly. I would like our platform to integrate with Discourse seamlessly. In order for this to happen, a user authenticating with Discourse needs to also authenticate with our platform at the same time and with the same id every time.
Discourse.User.current() and get a wealth of info including the user id. But, we cannot trust client input. Is there a way to get this information (some of it, at least the user id) signed by the server? This is what Facebook does, for example, with signed_request .
This would be really useful in allowing outside software like ours, which may not have necessarily been written in the same programming language and may not have access to the same server, to still work alongside yours and integrate seamlessly with it. Together with webhooks, it can do a lot.