For about 4 weeks or longer I have been working on SSO between Auth0 and discourse, on and off. I have gone for different solutions and had to change my approach a few times. I am now at a point where I need further advice.
1- I started by using the SSO approach mentioned in this article:
Recently it has come to light that the redirect approach mentioned in this article (redirecting from auth0 rule to discourse via the SSO login url) results in an incomplete login on Auth0 end, hence a customer login is not registered, which impacts the SSO cookie etc on Auth0 side. So we have to move away from this approach.
2- I have now deployed the 0auth2 plugin and am using the approach specified below:
The issue I have now is the “requirement to verify email” before discourse creates the user record and logs the user in. Is there no way to turn this feature off via the dashboard config?
What is the best approach to work around this if the feature cant be turned off? I dont want the user to have to verify the email in discourse.
I have found a few articles but the seem overly complicated.