How to use Auth0 with the OAuth2 Basic Plugin

Fantastic, thanks so much for all the help guys, hugely appreciated!

Ruth

3 Likes

Sorry @charchar, I don’t understand how you overcame the “error message with no other options” problem.
I’m stopped just at this point…

Hello!

If the user is new to Discourse, then, after authentication, a window appears with the data of the new user. Is it possible to somehow create a Discourse user automatically, without showing this window? The user is already created on Auth0 …

It is not currently possible, but we hope to add it soon

https://meta.discourse.org/t/openid-connect-authentication-plugin/103632/56?u=david

2 Likes

Is the same situation with the discourse-saml plugin?

The SAML plugin creates the user automatically. We’re planning to make the same functionality available in other plugins.

3 Likes

Is there an update on this?

I’ve got a site that’s using oauth2-basic with auth0. It is the only auth method available and local logins are disabled. New users are not getting created on the Discourse side and logins fail silently, so there is no way to add new users. It’s not clear if this started at the beta9 upgrade or when we switched to oauth2-basic some weeks ago.

At this point, even having to click through a “create your account” screen would be totally fine.

EDIT: A theme component was keeping the new user modal from popping up. Still interested in skipping that step, though.

1 Like

It helps to know that setting logout redirect to https://SITENAME.auth0.com/v2/logout (or https://SITENAME.auth0.com/v2/logout?returnTo=SOME_URL_THAT_IS_IN_ALLOWED_LOGOUT_URLS') then logging out of Discourse will log out of auth0.

5 Likes

It is now available in ALL THE PLUGINS :tada:

7 Likes

Was able to follow the guide to setup SSO using Auth0 and everything works fine. Just that, when the avatar_url is updated in auth0 , it doesn’t get updated on the discourse side. I have tried login and logout for both admin and regular accounts. Just to be clear, the avatar is set correctly at signup, but isn’t updated later on discourse. I can see the debug output in the logs and the user_json does have the updated avatar_url

1 Like

@blake can you please tell me if this is a known issue or if I need to correct anything in my setup?

I ended up disabling the oauth2_basic plugin and followed the sso flow using Auth0 rules as described here: https://blog.leog.me/discourse-sso-with-auth0-e49486d0294a

One change I did was to store the sso_secret in the rules config rather than in application’s metadata

Also include the client_id
https://auth0.com/docs/logout/redirect-users-after-logout

(oauth2_basic) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

Any ideas?

Is it possible to make Auth0 the only possible way to register and login?

Yes, just disable all the other login methods. (including the enable local logins setting)

1 Like

Is it possible to just redirect to the Auth0 signup and not display the basic signup form?

If you want to hide all the Discourse login/signup UI, then you can turn off the enable local logins site setting

1 Like

Thanks David. I did that but I’ve noticed that when I sign up using the modal and get redirected back to Discourse, it prompts again for a username and other details so it doesn’t look like Auth0 is passing that information back to Discourse. I’m wondering if the solution is to keep the modal simple with just email address and password on the Auth0 modal for registration and get the rest of the details on Discourse.
Problem is we want to keep the user data in one place using a custom database attached to Auth0.

how can i set logout redirect to i cant found anything about logout