Hello - I have seen some older posts on this but nothing current. I asked this question in the memberstack forum as well…
I am working on a project to build a new private/closed community and I am interested in using memberstack + webflow and SSO to discourse for the community platform. I am under the impression that this is now supported with custom SSO integration. I specifically need to make sure I can have users authenticated into webflow pages and then seamlessly navigate to Discourse community site. I have seen comments suggesting it’s possible and I’ve seen the Memberstack SSO doc, but looking to see if there is any more specific information related to discourse integration. Anyone using a setup like this using memberstack to manage SSO for Discourse? I need to test it out as soon as possible. Thanks.
Yes, this is now supported! Memberstack now allows you to use Memberstack as an OpenID Connect provider: https://docs.memberstack.com/hc/en-us/articles/8161104982043-Custom-SSO-Integrations. This will allow users to login to your Discourse site through Memberstack. If you configure your Discourse site so that OpenID Connect is the only available login option on the site, logging into Discourse from your Webflow pages will be a seamless process for your users. (Note: don’t remove the option to login to your Discourse site with a username/password until you’ve confirmed that OpenID Connect logins are working.)
For this to work you’ll need to have the Discourse OpenID Connect plugin installed on your Discourse site. Details about configuring that plugin are here: Discourse OpenID Connect.
I recommend watching the video in the Memberstack documentation that I linked to before attempting to configure OpenID Connect logins for your Discourse site. It takes you through the process of configuring Memberstack OpenID Connect logins to work with the test site at https://openidconnect.net/. After you’ve done that, setting up OpenID Connect authentication for Discourse should be a straightforward process.
If there are any existing Discourse sites that have configured OpenID Connect authentication with Memberstack, it would be great to hear from them.
@simon Thanks so much for the input and confirming this should work! I was hoping to get this kind of validation before I went too far down the path with Webflow. I am using this to run a pilot program and I want to test memberstack + webflow + discourse during the pilot. So this is just to prove out MVP and it’s very possible I will move to something very different longer term (except Discourse… definitely keeping that!).
Since this memberstack OpenID support is fairly new I would be happy to hear if there is anyone here who is actually using this kind of setup in production.
Hi! Were you able to implement a working solution for this? OpenID requires a business account on Discourse which is $300/mo! I was hoping to use DiscourseConnect SSO to achieve what you mentioned with Webflow and Memberstack!
As far as I know, a working solution was implemented with OpenID Connect.
I don’t think Webflow allow you to add server side code to your site. If that is correct, it will not be possible to use DiscourseConnect with Webflow.
@JammyDodger, this topic could be renamed to “Memberstack + Webflow + Discourse OpenID Connect.”
Hi all! I was able to get SSO for Discourse via my Memberstack login to work! Once I login via OpenID to my Discourse forum, I get a pop-up to “create my account” on the forum. Is this what is supposed to happen or should I be logging me in directly? I’ve included a screenshot of the pop-up I get once I login with my Memberstack info. Thanks in advance!
From your screenshot, it doesn’t look like your email address is being filled in on the login form. It’s been a while since I watched the Memberstack video (https://docs.memberstack.com/hc/en-us/articles/8161104982043-Custom-SSO-Integrations), but I think the Discourse openid_connect_authorize_scope site setting needs to be set to openid email profile so that both the email address and username are included in the payload that’s sent to Discourse.
I don’t have things setup to test this right now, but you might need to enable these settings to skip the create account popup (otherwise, the fields should still get filled in, but users will have to click the “Create your account” button):
auth skip create confirm (definitely needs to be enabled to skip the create account popup)
auth overrides email
auth overrides username
auth overrides name
The easiest way to test this out is if you’ve got a non-admin account on your Webflow site. That way, you can try logging in as that user multiple times, and just delete their account on Discourse if it’s not working as expected.
Thank you SO much Simon! Adding in those additional items in “openid_connect_authorize_scope” fixed it and enabling “auth skip create confirm” skips the popup and goes directly to the forum homepage! I enabled " openid connect overrides email" - what does this do?
And is there a way to set the “Sign Up” button on Discourse to navigate out to a custom sign up page I have on my website? Currently clicking “Sign Up” logs me in via OpenID but I’d like it to link to a specific page on my website.
Thank you for all your help, it’s been invaluable!
Right, for OpenID Connect, the setting is called openid connect overrides email, not auth overrides email. When it’s enabled, every time a user logs into Discourse through OpenID Connect, their Discourse email will be set to the value of the email address they use on the OpenID Connect auth provider site. That means that if a user has changed their email address on Discourse, it will automatically get reset to the value of the email address they use on Memberstack.
You can actually disable the email editable site setting to prevent any issues with emails getting out of sync with the auth provider. So if you disable email editable and enable openid connect overrides email, users will only be able to change their email address by changing it on Memberstack, then logging into Discourse via Memberstack.
I don’t think so. After someone clicks the “Sign Up” button on Discourse, Discourse will redirect them to the authorization_endpoint that’s provided by Memberstack. Possibly Memberstack allows this to be configurable, but you’d need to contact them to find out.
Another possible approach is that it might be possible to add a link to the page custom page to the Discourse header. Maybe with this theme component: Custom Header Links. Ideally you’d be able to hide the link from logged in users with some CSS.
