Thanks, Stephen, that’s really good to know!
I’d go with solid. It does the trick but there are some weird fluky things about it overall. My integration with Discourse is one of the primary things that I need to improve. Would be happy to exchange some DMs if you have questions.
Thanks! I’ve had a poke about this afternoon, and I think it might take just a bit too much fiddling with the PHP than I am comfortable with!
Adding the linked code to your theme’s function.php is pretty straightforward. Is there anything else you need to implement?
So the easiest method seems to be to just disable email verification if I want to make things straightforward. The downside to that would be that people could “hijack” someone’s account if it is already existing and they sign up for WordPress using the existing email, right?
Yes, that’s the risk. If your WordPress registration process allows users to register and login to your site without having to confirm their email address, then users can signup with any email address that doesn’t already exist in your WordPress database.
In terms of SSO, the main risk in marking unverified email addresses as verified is that an account that exists on your Discourse site that is not yet associated with a WordPress account could be taken over.
I looked at a couple of the add-ons that I’d need, and at first glance they seem a bit more complex to install than I’m comfortable with. Given that I’ve already paid for Memberpress, PMP would have to be significantly better than Memberpress to make it worth switching and paying again, and I’m not quite sure that it is!
Would it make any sense to “import” Discourse users that don’t exist into WordPress before enabling SSO so that all they have to do is reset their password?
Yes, importing your Discourse users to WordPress prior to enabling SSO would solve the email verification issue. I’d like to find a more straightforward way of dealing with the issue though.
So, another question:
At the moment, when a user subscribes, they are automatically added to a Members group in Discourse to give them access to our locked categories.
So when a user cancels their subscription in Memberpress, is it possible for that to be passed through to Discourse to remove them from the Members group, so that they can only access the public content?
There are a couple of ways that users can be added to and removed from groups. The easiest way to do it is to use the add_groups
and remove_groups
SSO parameters. That approach is outlined here: Bring over permission level from WordPress MemberPress - #2 by simon. The issue with this approach is that it requires users to log out and log back in again before their group memberships will get updated.
The other approach is to use the add_user_to_discourse_group
and remove_user_from_discourse_group
functions that are outlined in this topic: Manage group membership in Discourse with WP Discourse SSO. The benefi of that approach is that it’s not dependant on the user logging out - their membership levels will be changed as soon as the functions are called.
Brilliant. Thank you so much Simon!
Before I do this, is there any potential downside or risk as far as importing all of the users?
They will just have to create a new password to login again, right?
The biggest risk I can think of would be if something goes wrong during the import process. It would be good to test it out the process with a throw-away gmail account before importing all of your users. That will also let you see what the password reset process will be like from the user’s point of view.
Once I import all Discourse users into WP and enable SSO with WP as the provider. I’ll want to check both of these boxes, correct?
This will sync a user with the same email address and create users in Discourse that don’t already have a discourse account w/ that email address?
No, you do not need to enable either of those webhook settings. The SSO Provider code will take care of that for you.
You may want to enable the ‘Create or Sync Discourse Users on Login’ option that is found on the SSO Provider tab. When that setting is enabled, Discourse users will be automatically created when a user first logs into WordPress. Enabling this setting isn’t required to deal with the users you are importing into WordPress from Discourse.
Thanks. I was thinking more about current WordPress users that might not be in Discourse yet. Will they just get created on first login?
Or current WordPress users that might have an email match in Discourse but aren’t linked yet.
Yes, existing WordPress users who do not yet have accounts on Discourse will have accounts created for them when the first login to Discourse with SSO.
If you would like Discourse users to be automatically created before users login to your Discourse site, enable the ‘Create or Sync Discourse Users on Login’ option on the plugin’s SSO Provider tab. This will cause Discourse users to be created when they login to your WordPress site.