How to hook up JWT Single Sign On to Discourse

We are investigating using Discourse as a forum section for our website. Our existing app is a Play 2.5 application with it’s own login setup and a JWT authenticator. Our goal is to implement some form of single-sign-on setup where users will be redirected (from Discourse) to our Play app to authenticate, the JWT token is created and sent back (via redirect) to Discourse for use in validating subsequent actions.

I found both GitHub - discourse/discourse-omniauth-jwt: An OmniAuth strategy that uses JSON Web Token for Single Sign-On and GitHub - discourse/discourse-jwt: Discourse Auth support for JSON Web Tokens (JWT) but am unsure if they will support what we are looking for or how to integrate them (I am very new to Discourse). Is there a similar alternative (with JWT) that I am unaware of?

1 Like

The official JWT Plugin is what you want. We’ve deployed it in production and it works well for people.

If you’re unsure how to install a plugin, I suggest you check out @techAPJ’s excellent guide.

6 Likes

Hi, we are trying to implement a similar flow as in the original post. I checked the JWT plugin, and the installation guide, and it seems that it only describes how to install on self-hosted instances, and the plugin was not listed under any business plan. So my question is, how is it possible to use the JWT plugin with a non self-hosted instance?

Unfortunately we don’t include the JWT support in our business tier and strongly recommend you use OpenID, OAuth2, or DiscourseConnect. Is that your only option for auth?

1 Like

A post was merged into an existing topic: DiscourseConnect - Official Single-Sign-On for Discourse (sso)