Login to discourse website automatically

What would you like done?

I have a mobile application. Discourse is my source of authentication. To login to the mobile app, user needs to write their username and password. Then I will do a login api call to discourse, to authenticate user.
Now there are some links in the mobile app to discourse forum. I want the user to automatically login to forum when they click on the links. Its a really bad user experience when users need to write their passwords twice now. The first one is when they want to login to app, and then the second one is when they want to be login in forum.
Since passwordless login via a link being send to user email is possible, I think this procedure should be possible too. Perhaps with a simple plugin.

When do you need it done?
1 week.

What is your budget, in $ USD that you can offer for this task?
300$

2 Likes

This is not possible? Or the offer is low? :thinking:

Hey :slight_smile:

This is actually a bit more involved than it may seem.

The way login by email works is that when you click the “with email” button in the login modal a token is generated, specific to that user and stored in email_tokens. You can see that token in the link (the string of numbers and letters)

http://localhost:3000/session/email-login/69c4953ff0726b5f4c2b26c1e3563b79

You’d have to generate this token for the links in your app each time the user logs into your app. I don’t think (?) this functionality is exposed via the API currently so you’d first need to set up an endpoint.

That endpoint would have to be protected by authentication. You’d need a way of handling that in your app. Perhaps you have that already?

Then you’d need to consider things like token expiry. How long should the token remain valid? How do you fetch a new one and update the links once it expires?

It feels like there should be a better way of handling this issue than retro-fitting this feature.

Yes. I exactly was thinking about this myself. And since the login with email is already done, it should also be possible. Idk about the actual implementation. Maybe it should be done with a plugin. If you can do it, let me know.

Yes authentication is done by discourse login api. And there is no problem with it.

does login with email link has expiry value? we can use the same thing or somthing similar.
Other things like fetching a new token is going to be done by the app itself.

Yes, email token expiry is set by the “email token valid hours” site setting.

So basically you want a plugin that adds an endpoint to create and return an email_token for a user and you’ll call it on a regular basis when the tokens expire?

That will do the job for me.

And also since I want to send user to a specific topic, if the topic id or link would be added and after login, user would be redirected to that, It would make it perfect.

Would another approach to be to have the links in the app point to your own backend. When you click it at that point an appropriate link is created and the client redirected, somehow, to go to the right place.
Would mean you don’t need to generate authentication links before a user clicks on them

1 Like

Yeah that’s probably more efficient on the app-side of things. I think the endpoint in Discourse would still be the same though.

With this way, how we make sure user is authenticated?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.