Yes, this is one possible setup for the official WP Discourse plugin (just an example of the SSO provider / SSO client relationship).
If this site you’re starting is another Discourse instance it may be possible, too, but I don’t know if there’s any documentation here on meta on this approach.
This is not possible. You can’t get private user data from any external website without an additional security step, in this case in the form of the sso provider secrets
used when doing the SSO flow.