Getting signed data from the server

Like this (but remember that the roles of your application and Discourse are swapped):

You can’t, Discourse will always send the user back here:

From there, you application can redirect the user wherever you want.

No, it’s a custom protocol.

Since Discourse redirects to a fixed URL to complete authentication, there’s no sanitization going on :slight_smile:

1 Like