Issue with Discourse as SSO provider & Social Sign Up

Hi,

Issue

When using Discourse as an SSO provider via the API (domain A), if you try to register on Discourse (domain B) with a social button, you don’t immediately see the create-account modal; instead you are sent back to the login modal.

At this point, you need to close the login modal, then click on the Sign Up button, and you see the create-account modal you were supposed to see before.

Issue demo

Here is a short video demo:

  • Edge, with cache/cookies cleaned and no extensions.
  • Using WP-Discourse set up to use Discourse as SSO provider (fastest way to show the issue)

What you see first is me clicking on the WP-Discourse SSO login link.
After clicking on the Facebook button, I’m redirected to the login modal instead of create-account.

Possible reason

We are using different domains for Discourse and from where the API is called.

To make sure the issue is not from plugins/whatever, this is something I was able to reproduce with a clean WordPress (with WP-Discourse set up to use Discourse as SSO provider) and a clean Discourse, both on different domains.

(Note: this is not related to wp-discourse; it is just easier to show/test the issue with it. We can also reproduce it with our app, which consumes the Discourse API and uses Discourse as SSO provider as well.)

Other information

  • Discourse security settings disabled (not sure if it has an effect; CSP disabled, same cookies to None or Disabled).
  • Discourse up to date
  • No issue with logging in with SSO
  • Nothing in the browser console or Discourse logs
  • If you experience the issue once with the SSO API, and you try to Social Sign Up directly on Discourse, you will get the same issue. At this point, you need to clear your cookies/cache to make it work. (same issue reported here: Suggestion: unite the sign up & log in buttons)

Since Discourse is able to show the expected create-modal with pre-filled fields after you click manually on Sign Up, it makes me think there is a bug or a situation that Discourse could handle, am I wrong?

Is there something that can be done to fix this behavior? Are we missing something?

Thanks!

5 Likes

Is this bug that unimportant to be ignored again?

I reported a similar issue in January, but here you can see a minimalist reproduction with nothing else, with vanilla Discourse and an official SSO implementation. If anything, I would like someone to either acknowledge there is a bug or say that what we’re doing is wrong.

How do we get attention to this issue? Is it possible to hire team members if money is an issue?

– A frustrated client & dev.

Hi, I’ve set up wp-discourse on a default WordPress installation, set WP as SSO client and configured Facebook login on Discourse. Both websites are hosted on different domains.

I’ll leave both websites public for a few days/weeks so anyone with a Facebook account can test and see the issue for themselves.

Edit: deleted my dev Discourse, but it was doing the exact same thing as in arkshine’s video anyway.

Click “login with Facebook” and see the same popup show up again instead of showing the “Create New Account” popup with pre-filled fields.

3 Likes