Is it Possible to Send Encrypted Email and Password in the Authentication Flow?

Kon · July 21, 2025, 10:58am

Hi all,

I’m exploring a use case where we would need to send encrypted email addresses and passwords as part of the authentication flow in Discourse. Before proceeding further, I wanted to check if this functionality is possible within Discourse.

Specifically, we need to ensure that the email and password are encrypted during transmission, both for security and compliance reasons. Has anyone worked on or encountered a similar scenario? Are there any built-in features or recommended approaches for handling this securely within the Discourse authentication flow?

Looking forward to your insights!

Thanks in advance!

pfaffman · July 21, 2025, 3:41pm

I think if you just follow Use Discourse as an identity provider (SSO, DiscourseConnect) or Setup DiscourseConnect - Official Single-Sign-On for Discourse (sso) then everything is encrypted between the server and client.

If you don’t want discourse to know the email actual email addresses, things will be harder.

Topic		Replies	Views
How to encrypt the email addresses for compliance with privacy and PII laws? Feature privacy	4	1805	February 12, 2015
Hiding or encrypting SMTP password required in app.yml Installation	7	1322	April 26, 2017
Should the password be plain text when creating a user through the API? Dev	6	1206	June 19, 2020
Unable to send mails using Discourse Installation email	3	1313	June 8, 2024
Installing Discourse with digest_md5 mail authentication Installation email	5	1020	May 26, 2019

Is it Possible to Send Encrypted Email and Password in the Authentication Flow?

Related topics