Hi guys,
For about 4 weeks or longer I have been working on SSO between Auth0 and Discourse, on and off. I have gone for different solutions and had to change my approach a few times. I am now at a point where I need further advice.
1- I started by using the SSO approach mentioned in this article:
Recently it has come to light that the redirect approach mentioned in this article (redirecting from an Auth0 rule to Discourse via the SSO login URL) results in an incomplete login on the Auth0 end, hence a customer login is not registered, which impacts the SSO cookie etc. on the Auth0 side. So we have to move away from this approach.
2- I have now deployed the OAuth2 plugin and am using the approach specified below:
The issue I have now is the “requirement to verify email” before Discourse creates the user record and logs the user in. Is there no way to turn this feature off via the dashboard config?
What is the best approach to work around this if the feature can't be turned off? I don't want the user to have to verify the email in Discourse.
I have found a few articles but they seem overly complicated.
Okay can you look in your logs and see if you see anything? Also could you look at one of the new users and see if they actually have an email address?
Hmm, okay. See what you can find in /logs. I’m not really sure what is going on. I’ll have to log in to my Auth0 account and see if I can get it working again and see if I run into a similar issue.
Strangely, when the Auth0 Lock widget pops up through the OAuth2 login and I enter the username/password afresh, I get valid JSON back. But if I click on the username that it already remembers (so not re-entering username/password), it gives me blank JSON.
Hi Blake, I have this working now, I just need to figure out the silent auth bit (when the Auth0 Lock widget comes up remembering a previously used login), which I think is calling the authentication provider without the necessary scopes for the endpoint…
I have another issue though. The userId that is coming back from the userInfo json endpoint is a url namespace e.g. https://domain.user.id.
In the OAuth2 plugin config I am specifying this domain as the userId field, but I think instead of taking that field from the JSON it seems to be trying to find “.id” at the “https://domain” --> “user” --> “id” node.
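
The lookup ambiguity described in the last post, as an added example that is not part of the thread and not the plugin's own code: a dot-splitting path walker fails to find a namespaced claim whose name itself contains dots, so the user id resolves to nothing, while a walker that tries literal keys first finds it. The function names `naive_walk` and `key_aware_walk` are hypothetical, and the userinfo document is constructed.

```ruby
require "json"

# Constructed userinfo response; the claim name is the namespaced form from the post.
USERINFO = JSON.parse(<<~JSON)
  {
    "https://domain.user.id": "auth0|constructed-123",
    "email": "user@example.com",
    "profile": { "name": "Example User" }
  }
JSON

# Hypothetical naive resolver: every "." is treated as a nesting separator,
# so "https://domain.user.id" becomes the path https://domain -> user -> id.
def naive_walk(doc, path)
  path.split(".").reduce(doc) do |node, seg|
    return nil unless node.is_a?(Hash)
    node[seg]
  end
end

# Hypothetical key-aware resolver: at each level, try the longest run of
# remaining segments as one literal key before treating dots as nesting.
def key_aware_walk(node, path)
  return node if path.nil? || path.empty?
  return nil unless node.is_a?(Hash)
  segs = path.split(".")
  segs.length.downto(1) do |n|
    key = segs.first(n).join(".")
    next unless node.key?(key)
    found = key_aware_walk(node[key], segs.drop(n).join("."))
    return found unless found.nil?
  end
  nil
end

# Refuse to continue when the identity claim did not resolve, instead of
# creating or matching an account with an empty external id.
def resolve_user_id!(doc, path)
  id = key_aware_walk(doc, path)
  raise ArgumentError, "user id claim #{path.inspect} not found" if id.to_s.empty?
  id
end

if __FILE__ == $PROGRAM_NAME
  puts "naive:     #{naive_walk(USERINFO, 'https://domain.user.id').inspect}"
  puts "key-aware: #{key_aware_walk(USERINFO, 'https://domain.user.id').inspect}"
end
```
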