If someone changes their email in WordPress, change it in Discourse - sso_sync

Howdy all. I’ve spent a couple hours reading threads and trying to get this work with no luck.

Basically we just want that if someone changes their email in WordPress, it gets changed in Discourse.

I think I can use the sso_sync api call but I can’t seem to figure out how to use it. Can anyone help with a php code example? (I use other discourse api calls successfully. Just can’t figure out how to use this one.)


1 Like

I should add that I know the email change will happen when the user next logs in to discourse, but we need to instantaneously change it when they change it in WordPress.


This is working to sync SSO records when I run it in my development environment. I’m testing this inside of a class in the wp-discourse plugin. $this->options[] is from wp-discourse. You could just hard-code the values. I’ll look at it some more tomorrow.

Class DiscourseSSO {
    // Add the action hook
    public function __construct() {
        add_action( 'profile_update', array( $this, 'sync_sso' ), 10, 2 );

    public function sync_sso( $user_id, $old_data ) {
        $user = get_user_by( 'id', $user_id );

        if ( $user->user_email !== $old_data->user_email ) {
            $url          = $this->options['url'] . '/admin/users/sync_sso';
            $api_key      = $this->options['api-key'];
            $api_username = $this->options['publish-username'];
            $sso_secret = $this->options['sso-secret'];
            $params = array(
                'username'    => $user->user_login,
                'email'       => $user->user_email,
                'external_id' => $user_id,

            // base64 encode the SSO params.
            $sso_user = base64_encode( http_build_query( $params ) );
            // Create the signature for Discourse to match against the payload.
            $sig      = hash_hmac( 'sha256', $sso_user, $sso_secret );

            $response = wp_remote_post( esc_url_raw( $url ), array(
                'body'   => array(
                    'sso' => $sso_user,
                    'sig' => $sig,
                    'api_key' => $api_key,
                    'api_username' => $api_username,
            ) );

            $response = json_decode( wp_remote_retrieve_body( $response ) );

            // Do something with the response.

Thanks @simon. Finally got a minute to try this and it works great!

1 Like

Hey Leah - would love to understand how you managed to connect MemberMouse up to Discourse (allow signups to a specific MM bundle; and disable a users account if they don’t renew a yearly subscription).

Mind if I pick your brain?

Hi André. I’d be happy to write up all the things I did to connect WordPress and MemberMouse. I’ll do it in a separate thread here for any other MemberMouse users. Might take me a week to get to it though.

1 Like

OK @andrec, I wrote some MemberMouse stuff up here. I didn’t include very much actual code but feel free to ask me if you get stuck on any specific part of things.


@lkramer - you rock, thx a ton!