The Accept Invitation button does not work on stable v.2.8.10. When you try to login via SSO, it will just redirect you back to the invite page, and Accept Invitation doesn’t do anything. No console errors showing either. Can someone assist?
Thanks for your response! What info do you need specifically? We have it self-hosted on stable branch (v2.8.10) using discourse-saml plugin with Okta (SSO). Prior to the 2.8.10 update, we were able to create invite links to groups and they would work, the user would login via SSO then they would be redirected to the topic specified in the invite setting.
In the previous stable version v2.8.9, on domain.com/invites/invitecode :
A non-logged in user would be presented with a screen that asks them to login via SSO (Okta which is specified in the app.yml SAML config), which will redirect them to SSO to login/register, afterwards it will execute the invite actions (redirect to topic, add to group, etc)
A logged in user would automatically bypass the invite screen and the invite actions will be executed
In the current stable version v2.8.10, on domain.com/invites/invitecode :
Both non-logged in and logged-in users will be presented with the invite screen with 2 buttons:
– Login via SSO Button
– Accept Invitation (this is new)
When the Login via SSO button is clicked, the user is prompted to login (if not logged in) and will be redirected back to the invite page again.
When the Accept Invitation button is clicked, nothing happens.
We observed in the network browser console that there is a PUT request to domain.com/invites/show/invitecode.json which is returning a 504 error (only in the 2.8.10 version)
Thanks for responding! Glad to hear you have visibility on the issue.
Unfortunately we do not have a test-passed instance with SSO, as we’ve always stuck with stable. I do have a test-passed branch without SSO and there are no issues there.
EDIT: I’ll give it a go to see if I can get a test-passed instance with SSO running
EDIT:
Just an FYI for others who may be experiencing this:
Version 2.8.11 of stable does not fix the issue. Clicking on Accept Invitation spews out a console log error now though: PUT https://<DOMAIN>/invites/show/<INVITE_CODE>.json 404
The .json url takes you to:
// https://<DOMAIN>/invites/show/<INVITE_CODE>.json
{
"errors": [
"The requested URL or resource could not be found."
],
"error_type": "not_found"
}
Hi @hyphalos I’ve started taking a look at this today. I’m unfamiliar with our SAML setup so please bear with me.
This is a little strange, the “Accept Invitation” button should only show for logged in users. Can you please post a screenshot of what both logged in and logged out users see for a specific invitation, and also what options are you choosing for the invitation here:
Thanks for getting back to me. Sorry for the delayed response, I was out sick.
I did some more testing and what I’ve observed is after updating to v2.8.11 is that people can only accept an invitation once no matter the create invite settings. I’ve tested it with Arrive at topic, without arrive at topic, add to group, without add to group, etc. and people can only accept invites once. Is this intended behaviour?
What if a guest signs up but uses the same invite URL again, they’ll get stuck in the invite page (no redirection with arrive at topic). When they click Accept Invitation, this error pops up:
EDIT: Just wanted to add that if it is intended behaviour, there is no error that shows up that “You’ve accepted this invitation before” or something along those lines, or just redirect to wherever the arrive at topic is set to in the invitation.
I’ve updated to 2.8.12 (which according to the commit tag in the admin panel includes the fixes) and I now see an error message (on a test account) for attempting to accept an invite I’ve once accepted on the test account:
Which is great!
Although as someone already logged in, I didn’t expect the “Okta SSO” button to be displayed. When the button is clicked, it loops into SSO and then brings be back to the invite page. As the user is logged in, shouldn’t the login button be hidden to avoid confusion?