Invites compatibility with SSO

rfc

(Vinoth Kannan) #1

First of all I am not requesting for Invites feature which is currently not compatible when SSO enabled. I just got a thought to have Invites feature working even if SSO enabled. So am just sharing it and looking for others view.

As per @codinghorror’s above post the problem with invite feature is it will bypass the parent site authentication methods when we use SSO.

Here instead of activating new user’s invitation on discourse itself can we send it to parent site as sso payload?

Currently parent sites are returning external id, username, email address, etc… in payload to discourse with original nonce. With this same mechanism can discourse send invited email address to parent site with nonce when a new user accept the signup invitation? So the parent site can decide whether activate the user instantly using only email address or requesting user to compete more signup steps.

After all parent site should return the user fields with original nonce to discourse as always.

I don’t know how much it is possible. If you have questions with my thought please feel free to ask.


(Sam Saffron) #2

This did pop up on McNeel (an enterprise customer)

@BrianGillespie suggested we simply just send an email and bypass account staging.


(Vinoth Kannan) #3

additionally if the email address passed to sso though payload it will be very helpful.