I made some app which uses the Discourse API and SSO as provider.
Currently, the app is displayed inside an iframe and therefore for the social login to work properly, the /login page needs to be opened outside the iframe in a new browser tab.
So far, so good.
Issue
When a new user registers using a social button, he’s well redirected to the social site, and once he’s back to Discourse, this is where lies the issue: Discourse shows the login modal instead of the one with the username/email filled.
To see that modal to finalize your registration, you need to close the login modal, then clicking manually on the signup button.
Only for new user, logging in works as expected.
Did I miss something or is there some context Discourse does not handle properly? Technically it should be the same.
If you want to see a demo, please let me know, I can send you by PM a quick video (it shows private infos).
To be more precise, the app is used in a Chrome extension. We’re using an iframe because we have no choice at the moment. But, still, I’m not sure how it’s different to open programmatically from an iframe a new tab in the browser to /login or /signup directly and opening manually a tab and clicking on the login/signup button.
Is that something which can be fixed in Discourse?
Currently, we are using Discourses as SSO provider. Are there others ways?
If so, what would be the best way to achieve login/signup in this context?
I’m not embedding Discourse in a iframe. I’m using the API to show a topic messages.
I’m not trying to login/signup inside an iframe because social websites doesn’t allow to be displayed inside them.That’s why, when user clicks on a button inside the iframe, it opens a new browser tab to /login page on Discourse.
Technically, when user hits the login button, a new tab is opened with /session/sso_provider. return_sso_url will contain an url to backend to process the data, save the user’s session infos then responding some HTML to auto-close the window. The app then will detect it’s done and will be reloaded automatically so it can use the saved user’s session.
Even if the app was not in a iframe, It would likely happen the same. Since it’s a browser extension, you have no choice to open a new tab anyway. I’m wondering there are better ways to login/signup in this case.
EDIT: Here a demo (was not meant to public, but well, that the shortest way to show the issue and I feel like I don’t explain well enough) : snip, video removed, no one care anyway
EDIT2: Seems to happen only when using the API /session/sso_provider ; if I do open Discourse url directly (still from an iframe), it seems the issue doesn’t happen.
