Passwordless signin via link generated by api


(pari) #1

Is it possible? I didn’t see this feature in api.
I saw that passwordless signin via email link is already planned. Maybe this feature would also be possible?
Use-case: users of my android application are signing in with discourse login api. Now in the application, I show some topics to the users which might be of their interest and want to post somthing. When they click on the topic name, I want to open a webpage with that topic being opened and they would be already logged in. They have already logged in to the app, and I dont want to show another loginpage to them.


Log in a user via the API
(Jay Pfaffman) #2

The easiest solution is to make your app’s server be the SSO master. You can search here for sso #howto.


(pari) #3

My problem is not SSO. Discourse is already the source of authentication for my users.
they login to my app, I do an api call to discourse to see if the user/pass is correct
now inside app there are some topics from my forum shown. I want the user to be able to click on that topic and a browser or perhaps webview would open that topic while the user is already logged in to the browser too.


(Sam Saffron) #4

If they get a user api key like our mobile app does then it solves both issues in one go, its a tricky protocol but was designed for this exact problem.


(pari) #5

I cant understand it @sam, How I can automatically login to a browser by user api key? Can you give me an example?


(Matt Palmer) #6

As Sam said, the official Discourse mobile app does it, and that’s open source.


(pari) #7

I’ve tested the mobile app already. I don’t know exactly but it seems it isn’t what I want. I did the following scenario:

1- login in the mobile app
2- went to chrome browser and logged out there
3- came back to mobile app, and I was logged out here too and it didn’t automatically login.

in the third step, I expect the mobile app to be able to automatically login me again.