Issue with social login modal (new user) when /login is opened programmatically in an iframe

Hello,

Context

I made some app which uses the Discourse API and SSO as provider.
Currently, the app is displayed inside an iframe and therefore for the social login to work properly, the /login page needs to be opened outside the iframe in a new browser tab.
So far, so good.

Issue

When a new user registers using a social button, he’s well redirected to the social site, and once he’s back to Discourse, this is where lies the issue: Discourse shows the login modal instead of the one with the username/email filled.
To see that modal to finalize your registration, you need to close the login modal, then clicking manually on the signup button.

Only for new user, logging in works as expected.
Did I miss something or is there some context Discourse does not handle properly? Technically it should be the same.

If you want to see a demo, please let me know, I can send you by PM a quick video (it shows private infos).

Any help is welcomed!

1 Like

Are you on the latest version of Discourse?

1 Like

Yes. (sorry for non-English texts, I’m working for a client using Hebrew)

1 Like

Any help on this, please?

To be more precise, the app is used in a Chrome extension. We’re using an iframe because we have no choice at the moment. But, still, I’m not sure how it’s different to open programmatically from an iframe a new tab in the browser to /login or /signup directly and opening manually a tab and clicking on the login/signup button.

Is that something which can be fixed in Discourse?

Currently, we are using Discourses as SSO provider. Are there others ways?
If so, what would be the best way to achieve login/signup in this context?

How have you implemented this? It sounds like some cookies/session are being lost somewhere.

In general we do not support using Discourse in an iFrame. As you’ve found, there are weird quirks which can cause issues.

1 Like

I’m not embedding Discourse in a iframe. I’m using the API to show a topic messages.

I’m not trying to login/signup inside an iframe because social websites doesn’t allow to be displayed inside them.That’s why, when user clicks on a button inside the iframe, it opens a new browser tab to /login page on Discourse.

Technically, when user hits the login button, a new tab is opened with /session/sso_provider. return_sso_url will contain an url to backend to process the data, save the user’s session infos then responding some HTML to auto-close the window. The app then will detect it’s done and will be reloaded automatically so it can use the saved user’s session.

Even if the app was not in a iframe, It would likely happen the same. Since it’s a browser extension, you have no choice to open a new tab anyway. I’m wondering there are better ways to login/signup in this case.

EDIT: Here a demo (was not meant to public, but well, that the shortest way to show the issue and I feel like I don’t explain well enough) :
snip, video removed, no one care anyway
EDIT2: Seems to happen only when using the API /session/sso_provider ; if I do open Discourse url directly (still from an iframe), it seems the issue doesn’t happen.