Passwordless signin via link generated by api

(Parinita Sandhu ) #1

Is it possible? I didn’t see this feature in api.
I saw that passwordless signin via email link is already planned. Maybe this feature would also be possible?
Use-case: users of my android application are signing in with discourse login api. Now in the application, I show some topics to the users which might be of their interest and want to post somthing. When they click on the topic name, I want to open a webpage with that topic being opened and they would be already logged in. They have already logged in to the app, and I dont want to show another loginpage to them.

Log in a user via the API
(Jay Pfaffman) #2

The easiest solution is to make your app’s server be the SSO master. You can search here for sso #howto.

(Parinita Sandhu ) #3

My problem is not SSO. Discourse is already the source of authentication for my users.
they login to my app, I do an api call to discourse to see if the user/pass is correct
now inside app there are some topics from my forum shown. I want the user to be able to click on that topic and a browser or perhaps webview would open that topic while the user is already logged in to the browser too.

(Sam Saffron) #4

If they get a user api key like our mobile app does then it solves both issues in one go, its a tricky protocol but was designed for this exact problem.

(Parinita Sandhu ) #5

I cant understand it @sam, How I can automatically login to a browser by user api key? Can you give me an example?

(Matt Palmer) #6

As Sam said, the official Discourse mobile app does it, and that’s open source.

(Parinita Sandhu ) #7

I’ve tested the mobile app already. I don’t know exactly but it seems it isn’t what I want. I did the following scenario:

1- login in the mobile app
2- went to chrome browser and logged out there
3- came back to mobile app, and I was logged out here too and it didn’t automatically login.

in the third step, I expect the mobile app to be able to automatically login me again.

(hosna) #8

Is there any plan to do this? Or should we go for a plugin? I also need this feature. And since it has already been implemented for email, I think its also possible for api to do it.

(Jeff Atwood) #9

@hosna the feature already exists; go to the homepage here, log out, and select “email” as login type.

It is default off though. Do you think we should make it default on for 2.2 @sam?

(hosna) #10


I want to generate passwordless signin link via api. I dont want to send the link via email

(Jeff Atwood) #11

Then you want SSO. Search for SSO here.

(hosna) #12

I think I also dont want SSO . As explained here by @parisa , I also have my application signing in with discourse api. Now I want to put a link to specific topic inside my application. When user clicks on it, they would be redirected to a specific topic, while they should be already sign in (they shouldn’t need to write their username and password)

(Jeff Atwood) #13

That’s SSO, exactly what you described.

(Sam Saffron) #14

Yes I would like to change this to default on. I just flicked this to enabled by default.