Getting signed data from the server

To be clear, I want to use Discourse to do the authentication. I still need to understand, in that case:

  1. Which URL do I redirect to, on http://discourse_site/...

  2. How do I specify where to redirect back, as well as a nonce (“state” parameter in OAuth)

  3. “Discourse will always send the user back here” lists http://discourse_site but I am talking about redirecting back to https://somesite.com/success?sso=PAYLOAD&sig=SIG

It seems to me, after reading the above, that the SSO plugin is NOT designed for this. It’s designed the other way - using my site for authentication. For example, as soon as you turn on enable_sso then:

So, fine. It seems that this is only designed to go one way. Then my question becomes: how can I migrate our existing users? I guess I can create accounts with the exact same email addresses in our app, but then how do we automatically link their account and data to these new accounts? Does Discourse automatically match the SSO to existing accounts by email address? If so that will solve everything for our use case.
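For anyone who ends up building the receiving side of the `?sso=PAYLOAD&sig=SIG` redirect mentioned above, the checks that matter are the same regardless of which direction the SSO runs: the signature must be verified with a constant-time comparison before the payload is trusted, and the nonce must be one you issued, used only once, and not too old. The following is an added example, not code from the original post or from Discourse itself. It assumes the payload is a base64-encoded query string signed with HMAC-SHA256 (hex digest) over the base64 text, using a shared secret; the secret, field names and nonce lifetime here are placeholders you would replace with your own.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode

# Placeholder shared secret for the example; a real deployment loads it from config.
SHARED_SECRET = "replace-me-with-a-long-random-secret"
NONCE_MAX_AGE_SECONDS = 600  # assumed lifetime for an outstanding nonce


def issue_nonce(outstanding: dict) -> str:
    """Create a fresh nonce and remember when it was issued (server-side state)."""
    nonce = secrets.token_hex(16)
    outstanding[nonce] = time.time()
    return nonce


def make_signed_payload(params: dict, secret: str = SHARED_SECRET) -> tuple[str, str]:
    """Encode params as a base64 query string and sign the base64 text with HMAC-SHA256."""
    payload = base64.b64encode(urlencode(params).encode()).decode()
    sig = hmac.new(secret.encode(), payload.encode(), hashlib.sha256).hexdigest()
    return payload, sig


def verify_signed_payload(payload: str, sig: str, outstanding: dict,
                          secret: str = SHARED_SECRET,
                          max_age: float = NONCE_MAX_AGE_SECONDS) -> dict:
    """Verify signature, then nonce (issued by us, unused, not expired); return the fields."""
    expected = hmac.new(secret.encode(), payload.encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")

    decoded = base64.b64decode(payload).decode()
    params = {k: v[0] for k, v in parse_qs(decoded).items()}

    nonce = params.get("nonce")
    # pop() makes the nonce single-use, so a replayed redirect is rejected.
    issued_at = outstanding.pop(nonce, None)
    if issued_at is None:
        raise ValueError("unknown or already-used nonce")
    if time.time() - issued_at > max_age:
        raise ValueError("nonce expired")
    return params


if __name__ == "__main__":
    # Constructed round trip: our site issues a nonce, the identity provider
    # returns a signed payload carrying it, and we validate it once.
    pending = {}
    n = issue_nonce(pending)
    payload, sig = make_signed_payload(
        {"nonce": n, "email": "alice@example.com", "external_id": "42", "username": "alice"})
    print(verify_signed_payload(payload, sig, pending))
```

The same payload presented a second time fails because its nonce has already been consumed, and flipping any character of `sig` fails the HMAC check before the payload is even decoded.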