Overview: Single Sign-On (SSO) / OAuth2 (is this chart correct?)

I’m slightly confused between SSO, OAuth2, etc. so I tried to create a simple chart to get a general understanding. Is this correct?

[I’m not a developer but I need to understand this to make some decisions - thanks!]

1 Like

Yes, that’s pretty much it.

For reference here are exemplar login sequences without SSO - note that Discourse has to understand how to interface with each possible backend:

Here is an example with SSO - note that Discourse only communicates with a Single system - whatever happens behind that (username/password, oAuth2, fingerprints, RFID card, blood sample, retinal scanner) is of no concern to Discourse:

11 Likes

Great, thank you, very helpful!

2 Likes

Another helpful discussion regarding SSO and the levels of spam protection, linked here for reference