I realized I wanted to develop and deploy a Discourse SSO endpoint that wraps authentication to a OIDC provider. The endpoint is now developed as a Flask application available as a PyPI package: discourse-sso-oidc-bridge-consideratio. But, I now would like to deploy it, and preferably alongside my discourse_docker deployment.
Question 1 - Does it make sense to integrate the bridge deployment with my discourse deployment?
I have deployed discourse following the INSTALL-cloud.md tutorial. While I could deploy this Discourse SSO OIDC Bridge in a standalone manner somewhere, it would be great if it could integrate with my discourse deployment instead. But, I need to understand a lot about this deployment in order to conclude if it could make sense to deploy this bridge alongside. Also, I have a lot of learning on how to accomplish it. Perhaps I could get some help understanding various parts?
Starting out, does it make sense to attempt this?
Question 2 - What requirements does a integrated bridge/discourse deployment put on the Bridge Flask application?
It would be great to realize soon if an integrated deployment requires certain things by the Flask application.
About the Bridge Flask application
/- A redirect to Discourse
- The discourse-docker repo:
Question 3 - So, I should add a pups .yaml template that I can consume?
It seems like I ought to make a template alongside those found in discourse/discourse_docker’s template folder, does this make sense?
Question 4 - How to augment the nginx configuration with additional locations?
I assume I also need to configure the nginx utilized by my Discourse to direct traffic to the sso-oidc bridge endpoints such as
/logout. I have seen various of replace commands utilized from the .yaml pups templates in the nginx configuration, but I have not seen a template add a new location which may be more tricky.
Also, perhaps this location should be added very early on in the sequence of modifying the nginx config as other steps may refine the location? But, the key question is how to add the location entry in the nginx config at all.