We use a Discourse SSO flow that we have implemented based on this guide: Setup DiscourseConnect - Official Single-Sign-On for Discourse (sso)
It has worked well for us. But now we want to allow users in our system to change their e-mail and this seems to lead to problems.
When I change the email of my user in our system, SSO to Discourse stops working.
Login Error
There is a problem with your account. Please contact the site’s administrator.
I guess that Discourse receives a payload with an email and a username that don’t match and doesn’t know what to do.
What is a good way to handle this?
The best idea I have come up with is to use the Discourse API to change the users email in Discourse to match that in out system before initiating SSO.
But I don’t know if this is possible. Below is my failed attempt.
Here is my request:
https://forum-stage.{domain}.com/users/{username}/preferences/email
Headers:
Content-Type: application/x-www-form-urlencoded
Accept: application/json
Body (as x-www-form-urlencoded in Postman):
email: testemail@testdomain.com
api_key: 75a...77d
api_username: system
And here is the response I receive
{
"errors": [
"You are not permitted to view the requested resource."
],
"error_type": "invalid_access"
}