Your example will work with “OAuth1a” version?
Just wanted to note that the solution does not work for hosted accounts that don’t have access to modify the source at the moment, exposing the Oauth2 configuration through the UI would be a really nice thing!
can i know, how the fb login in discourse work? and which source logic?
we have our own Oauth2 server, www.github.com/meruvian/yama, and real online version is www.merv.id
We want to make discourse as our forum, so we want to change the login using merv.id, or may be using anyone that implement our Yama.
any idea?
@eviltrout this request does come up a fair bit, people want to use their existing oauth as sso. Any thoughts on that?
we can add “generic oauth settings” but the trouble is that each oauth provider is quirkily a bit different.
It works now fine with plugins.
Issue is we do not have plugins on std and biz hosting. So there would need to be a default oauth plugin.
1 Like
I think we could try and create a default “generic” oauth plugin. Sam is right that each one I’ve done so far is slightly different but we could take a stab at extracting those differences into settings that people could configure.
I would need some example “plain” oauth sites to test out.
6 Likes
I took a stab at this this week and managed to come up with a Basic OAuth2 plugin that works. The caveat is you need to have a JSON endpoint on your server so that we can obtain other information about the user.
I tested it with SoundCloud as a provider, and it worked great. I’d love other people to give it a whirl and let me know feedback and I’m sure as we try it out with more providers we’ll find changes and configuration options that will be required.
10 Likes
hey!
thanks for the OAuth2 Provider. it’s working like a charm!
i have one question, which google couldn’t answer to me.
is it possible to combine the OAuth2 Plugin with the enable_sso plugin?
right now when i click the “login with provider” button it connects to our OAuth Provider and grabs all the information and pre-fills the registration form with the user data (like on meta.discourse.com, when i login with GitHub)
how can i skip the registration and directly create the account? so that the user doesn’t have to register again?
thanks for your help!
ben
No, SSO is mutually exclusive and disables all other forms of auth.
@DanielMarquard Were you successful in getting SSO via Blackboard. I’m thinking Discourse could be a great alternative to BB discussions.
I ended up not getting a contract for this project, so I didn’t pursue it further, but I think it could absolutely be done. Have you tried out the Discourse oAuth 2 plugin?
3 Likes
Is this still the case? I’ve been trying to close the same gap as @beanieboi described for so long to improve the experience and have a seamless experience for my customers but seems like there is no way around it. Any other suggestion to accomplish this?
Thanks in advance!
That is the case, that is the entire purpose of SSO – seamless magic login. Otherwise you want the oAuth 2 menu of providers.
1 Like
Here is my problem: SSO vs Oauth2 difference?
Seems like I’m confusing things then, or maybe the use case I want to cover isn’t possible.
SSO means: “I trust «other_site» to rely on ALL of my authentication and rely on it exclusively for this purpose.”
That other site could be anything - it could be your Corporate SSO site, it could be something horrible that trusts users completely, it could be a provider that requires an RSA key with certificates, heck it could even be (another) Discourse.
oauth2 means: “This is a login option for my site” such as Google oauth2.
If what you’re trying to do is this:
then you want to do as @sam mentioned and use the plugin (possibly extending it to specifically support your OAuth2 provider.
But if what you’re trying to do is this:
Then you need to write “SSO Provider” as Discourse doesn’t care what’s behind it.
16 Likes
Super clear. Thanks for taking the time to include diagrams, really neat!
7 Likes
I just added some new settings which makes this possible:
4 Likes
This topic was automatically closed after 5 hours. New replies are no longer allowed.