How to use SSO (Discourse on subdomain)


Many time to read topics, but I cannot undestand how to do.
Maybe you can help me ?

We installed a Discourse forum on OVH VPS, subdomain of our site (

Old users will be imported into Discourse Forum.
New users will create account by Discourse Forum.
All users will sign on with Discourse.

Our main site ( is PHP/MySQL.
My php pages have to know if the user is logged, his username, his group.
How to do ?
I can create PHP scripts, but I don’t know Ruby.

Maybe read session (cookie) ?

I found this but cannot find what to do with :

Your help is welcome.
Discourse is new for me…

Many thanks

SSO provider feature is inbuilt in Discourse core. So you don’t have to worry about it. Follow this #howto Using Discourse as an identity provider (SSO, DiscourseConnect).

In this line you will receive logged-in user details if you configured everything (php code + settings) correctly.


OK thanks.

I see it’s the solution, but I don’t andertand howto use.

The way with this script :
1/ On external site, user click the link <a href='$discourse_url/session/sso_provider?$query'>sign in with discourse</a>
2/ Discourse returns user info
3/ external site open a session ?

I’m ok or not ?

I’m not far, but have not yet all keys…
Migration stopped until I anderstand how to use the script…
Many thanks !

Here external site received successful logged-in user details. Yes you can start a session.

It is just a placeholder. You have to replace your own code to create a new session in your website.

Also since the script you referred is not official I don’t know whether it is valid working one or not.


It’s more clearn now for me.

I read this several times and then try to do this

Thanks for helping


Last question please about get_key() and set_key() functions

// pretend that set_key is a function that saves key value data in a database

Initially we store the nonce in a database (a single column table ?)
When Discourse respond, we just check if nonce exists in the table ?
If yes, we store login infos received from Discourse with the $_GET
(then store in PHP session…)

Is it ok ?

I just create a table with column “nonce”, and it’s ok.

Now I have to purge the table to delete old nonce, I have to set session variables, and all is ok.

Thanks again

I think you don’t need to store your nonce in db. It is not like an API key.

1 Like

Only in a session variable, so I can check it with value sent by Discourse ?

Yes. anywhere temporarily.

1 Like

I misread what is being done here. To use Discourse as the SSO provider, the nonce will have to be stored somewhere on the website. The wp-discourse plugin does it by saving the value to the database.

Yes. @Jean-Michel25 you can use either way which is easier to you.



I wanted to confirm, for further readers.

I use sessions variables for storing the nonce and then compare it with the string returned by sso server.
All of this works nice.

Thanks for the help !