According to this post, logging out from an SSO session is as easy as sending a POST request to /admin/users/{USER_ID}/log_out, which I managed to get working fairly easily. My question is, is there an equivalent for logging a user in? I tried /session/sso, but ended up getting a 401 error.
You can’t set cookies for another domain from the server, so that wouldn’t work 
Try giving the user a page with this on it:
<embed src="https://discourse.example.com/session/sso" onload="window.location='/login_finished'" width=0 height=0>
<div style="display:flex;justify-content:center;align-items:center">
<div class="loading-spinner">
<h1>Please wait, logging you into Discourse...</h1>
<aside><a href="/login_finished">Click here if you don't want to wait</a></aside>
</div>
2 Likes