Hi,
Issue
By using Discourse as SSO provider via the API (domain A), if you try to register on Discourse (domain B) with a social button, you don’t see immediately the create-account
modal, but instead you are back to the login
modal.
At this point, you need to close the login
modal, then you click on Sign Up
button and you see the create-account
modal you were supposed to see before.
Issue demo
Here a short video demo:
- Edge, with cache/cookies cleaned and no extensions.
- Using WP-Discourse set up to use Discourse as SSO provider (fastest way to show the issue)
What you see first is I’m clicking on the WP-Discourse SSO login link.
After clicking on the Facebook button, i’m redirected to the login modal
instead of create-account
.
Possible reason
We are using different domains for Discourse and from where the API is called.
To make sure issue is not from plugins/whatever, that’s something I was able to reproduce with a clean Wordpress (with WP-Discourse set up to use Discourse as SSO provider) and a clean Discourse. Both on different domains.
(Note: this not related to wp-discourse, this is just easier to show/test the issue. We can also reproduce it with our app which consumes the Discourse API and as SSO provider as well).
Others informations
- Discourse security settings disabled (not sure if has an effect, CSP disabled, same cookies to None or Disabled).
- Discourse up to date
- No issue with logging in with SSO
- Nothing in the browser console or Discourse logs
- If you experience the issue once with the SSO API, and you try to Social Sign Up directly on discourse, you will get the same issue. At this point, you need to clear your cookies/cache to make it work. (same issue reported here: Suggestion: unite the sign up & log in buttons)
Since Discourse is able to show the expected create-modal
with pre-filled fields after you click manually on Sign Up
, it makes me think there is a bug or a situation that Discourse could handle, am I wrong?
Is there something can be done to fix this behavior? Do we miss something?
Thanks!