Hmm. I have heard that there are two ways to do the link between Discourse and a separate auth provider like cognito: the OpenId Plugin, or using Single Sign On for discourse.
I’m not familiar at all with the Single Sign On process, but could that be a way to do what I want–avoiding having users log in twice?
Or maybe just, when they sign in to my app, sending an API call to discourse and logging them in that way?
(the doc I linked to also talks about specifying group membership–I assume that would accomplish what I want in terms of saying only PAYING users can be in the group that is allowed to post)