Background to why I’m doing this
I’ve made a SSO service for a local hackerspace so that users can log into our Discourse with the hackerspace membership system.
However, some people may have used a different email address in the membership system to Discourse, and as logging in locally is disabled with SSO enabled, I’d like for people to be able to click “Email me a login link” so that they can be logged in, and then go and update their email address if they choose to (or keep using the login link, whatever)
Aim
I’d like to send a login link to user @ domain .co.uk via the API.
<html><body>You are being <a href="https://discourse.<site>.org.uk/">redirected</a>.</body></html>
If I do not include the API key, I get [BAD CSRF] returned.
So what I’m stuck on, is just how can I get Discourse to email a login link to user @ domain .co.uk via the API?
Many thanks for any help, I’m going to keep on trying things and see what works.
P.s. I’d like not to have to use a hack like:
Make a request to /session/csrf and save the CSRF token
Then make a request to /u/email-login with the CSRF token.
See I thought that too so I disabled Discourse Connect and tried to get a login link sent but I couldn’t get it working and is how I got the output on my post above.
If getting an email link is disabled when Discourse Connect is enabled then I’ll need to rethink my approach as to how to link up accounts from the membership system SSO service to Discourse.
The easiest way, as you mentioned, is for accounts to be matched up by email address. When that’s not possible, there are a couple of approaches we use:
Match up users using some other unique identifier. You can pre-create DiscourseConnect associations for a user via the console. This will only work if you have some other identifier which is consistent between Discourse and the Identity Provider
(most common) allow users to sign up for new accounts, then get them to message an admin and ask for the new account to be “merged” into the old one (using the button at the bottom of user admin page). This will automatically match up the emails, and create the DiscourseConnect association.
The approach of merging accounts is probably what I’ll go for.
It would be a great feature for this process to be self-serve - perhaps through an API where users can log themselves in through an email link where they can then update their email to sync the two.
Or perhaps by allowing a user to authenticate themselves by providing their Discourse email and password, alongside an updated email address.