I am using OAuth now but it is messy and confusing to my users so I want to switch to full SSO.
What does your WordPress registration form look like? Is it similar to the screenshot that I posted above?
If it is, then you are using the default WordPress registration system. For this case, there shouldn’t be any problems for existing Discourse users logging into their Discourse accounts. If you’re not using the default WordPress registration process, then there will be some issues to sort out for users who created their Discourse accounts prior to SSO being enabled.
I will have to expose a registration page because currently users sign up by subscribing to a membership on the site with a form that takes their email, etc. I will have to add a way to register without a subscription for users who have legacy discourse accounts.
Will I have to worry about current WP users if they signed up using a non-traditional (via Paid Memberships Pro plugin) registration?
PMP uses WordPress user accounts, there’s no problem there. Any users created via the PMP process will be accessible to Discourse SSO via WP-Discourse.
Did you already find the code sample which allows PMP memberships to be reflected in Discourse groups?
I have not seen that sample, it would be very helpful!
Check out this post by @simon
Users who created their WordPress accounts prior to enabling SSO with WP Discourse will be considered to have valid email addresses. The only issue with using non-default registration systems once SSO has been enabled is that user’s email addresses will be marked as invalid. The plugin supplies a hook that you can use to validate your user’s email addresses. Using the hook requires adding a few lines of code to your site. There are details about how to use it here: How to turn off Discourse email verification?.
Dylan: Sorry, this is a bit of a tangent, but how do you find Paid Memberships Pro? I bought Memberpress (they don’t do a free or trial version) and whilst it’s functional, it is a bit clunky. I’d love to hear your experience of Paid Memberships Pro!
I’m not Dylan, but I have six clients running PMP between their sites/communities.
It’s proven very effective for them, allowing them to extend their on-site offerings into the community with relative ease.
There have been a few issues with membership based pricing and discounts being reflected when used with WooCommerce, but their support guys have worked pretty hard to resolve, in some cases going to far as writing custom code.
Oh, that’s good to know. I’ve no plans to use WooCommerce, so I guess the key thing is whether it’s possible to have the memberships connected to Discourse groups. My developer has connected the memberships in Memberpress to automatically attach a user to the Members Group in Discourse, so that I can provide access to a private set of categories. I assume the same thing will be possible with PMP.
Yes thats what the code sample linked above achieves.
Ah! Awesome! Thanks!
I’ve honestly looked at about a dozen membership solutions, from $15k per annum hosted solutions through to free plug-ins, and I’d honestly hoped I was past this bit of the project. But before launch would be the time to change my mind if I’m going to…
If you want any assistance you can always ask here.
I look after a number of private communities and have seen pretty much every permutation of CMS, SSO and membership product over the past five years. A number of us can assist on your overall architecture if you’re interested in a more formal engagement via the #marketplace.
Thanks, Stephen, that’s really good to know!
I’d go with solid. It does the trick but there are some weird fluky things about it overall. My integration with Discourse is one of the primary things that I need to improve. Would be happy to exchange some DMs if you have questions.
Thanks! I’ve had a poke about this afternoon, and I think it might take just a bit too much fiddling with the PHP than I am comfortable with!
Adding the linked code to your theme’s function.php is pretty straightforward. Is there anything else you need to implement?
So the easiest method seems to be to just disable email verification if I want to make things straightforward. The downside to that would be that people could “hijack” someone’s account if it is already existing and they sign up for WordPress using the existing email, right?
Yes, that’s the risk. If your WordPress registration process allows users to register and login to your site without having to confirm their email address, then users can signup with any email address that doesn’t already exist in your WordPress database.
In terms of SSO, the main risk in marking unverified email addresses as verified is that an account that exists on your Discourse site that is not yet associated with a WordPress account could be taken over.
I looked at a couple of the add-ons that I’d need, and at first glance they seem a bit more complex to install than I’m comfortable with. Given that I’ve already paid for Memberpress, PMP would have to be significantly better than Memberpress to make it worth switching and paying again, and I’m not quite sure that it is!