I’ve managed to make it work, and was able to not only log in to my Discourse instance using my Keycloak credentials, but also associate an already-existing Discourse account with the one from OIDC. Unfortunately, I made a mistake when setting up the Keycloak container and I ended up losing its configuration and database.
I’ve since reinstalled Keycloak (properly this time!) and reconfigured Discourse to use the new Client ID, but while it seems that the integration is working (enabling the logs in /logs shows that the authentication actually worked), I can’t seem to associate Discourse accounts with OIDC accounts anymore.
When I try to log into Discourse, I use OIDC, am greeted by the new account UI, and then click the link to associate with an already existing account; I log in, am redirected to Discourse, and if I log out and log in again, I see the same new account UI.
I used the Data Explorer plugin to look at associations, and my user shows up as NULL; the provider ID matches the User ID in Keycloak, though.
I have the “OpenID Connect allow association change” option turned on.
I imagine that Discourse is still hanging onto whatever was there from my previous Keycloak installation, and just changing the new Client ID isn’t doing the trick.
Is there something else I should look into that I may have overlooked?
I wasn’t using the same email address between the accounts, but I’ve changed it on Keycloak to match the one used in Discourse, and it’s still the same. The response in Data Explorer is the same (“NULL” user).
I tried creating a new, fresh user, and I’m getting an “Invalid username, email or password” error, even though the username is perfectly fine and available, the email is valid, and the password has been generated by my password manager. This is most likely unrelated, but I also need to figure out why it’s happening.
I’m experiencing the same issue here. I have a Nextcloud instance set up as an OIDC provider, though that’s probably not relevant to the problem.
I can log in using my Nextcloud credentials. As described above, I’m then prompted to either register a new account or log in with an existing one. However, no link is established with the existing account via the email address.
If I select “Register,” I’m immediately redirected back to the homepage in a logged-out state, and I have to log in again. No error message is displayed.
That’s quite strange.
Everything works fine when I log in with an OIDC account that doesn’t have a matching Discourse account. In that case, a new account is created immediately, and the linked account also appears in the user settings.
Perhaps someone else has an idea about what I might be doing wrong, or it turns out there’s a bug after all.