Possible to send an email login link via API?

Hello! I’m really enjoying using the Discourse API!

Following the guide on reverse engineering the API, I’ve hit an issue with getting the API to send a login link.

Background to why I’m doing this
I’ve made an SSO service for a local hackerspace so that users can log into our Discourse with the hackerspace membership system.

However, some people may have used a different email address in the membership system to Discourse, and as logging in locally is disabled with SSO enabled, I’d like for people to be able to click “Email me a login link” so that they can be logged in, and then go and update their email address if they choose to (or keep using the login link, whatever).

Aim
I’d like to send a login link to user @ domain .co.uk via the API.

I’ve tried this:

curl -X POST "https://discourse.<site>.org.uk/u/email-login" --data "{\"login\":\"user"%"40domain.co.uk\"}" -H "Api-Key: xxxxx" -H "Api-Username: system" -H "Content-Type: application/json"

What I get back is

<html><body>You are being <a href="https://discourse.<site>.org.uk/">redirected</a>.</body></html>

If I do not include the API key, I get [BAD CSRF] returned.

So what I’m stuck on is just how I can get Discourse to email a login link to user @ domain .co.uk via the API.

Many thanks for any help, I’m going to keep on trying things and see what works.


P.S. I’d like not to have to use a hack like:

  1. Make a request to /session/csrf and save the CSRF token.

  2. Then make a request to /u/email-login with the CSRF token.

Is it possible to do this just with an API key?

Thanks!
:slight_smile:

1 Like

Just to follow up, is using the CSRF route followed by the email link route the proper way of doing it?

Is there no implementation of this in the API when an API key is provided?

How does your SSO service interface with Discourse? If you’re using DiscourseConnect, then I think the /u/email-login endpoint will be disabled.

Thanks for your reply. And yes it’s using Discourse Connect.

See, I thought that too, so I disabled Discourse Connect and tried to get a login link sent, but I couldn’t get it working, and that is how I got the output in my post above.

If getting an email link is disabled when Discourse Connect is enabled then I’ll need to rethink my approach as to how to link up accounts from the membership system SSO service to Discourse.

1 Like

The easiest way, as you mentioned, is for accounts to be matched up by email address. When that’s not possible, there are a couple of approaches we use:

  1. Match up users using some other unique identifier. You can pre-create DiscourseConnect associations for a user via the console. This will only work if you have some other identifier which is consistent between Discourse and the Identity Provider.

  2. (most common) Allow users to sign up for new accounts, then get them to message an admin and ask for the new account to be “merged” into the old one (using the button at the bottom of the user admin page). This will automatically match up the emails, and create the DiscourseConnect association.

2 Likes
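
Added example (not part of the thread and not Discourse's own code): the reply above depends on an identifier that stays consistent between Discourse and the identity provider. The Python below shows a DiscourseConnect provider verifying Discourse's signed request and returning a signed payload keyed on the membership system's permanent ID as `external_id`; the secret, member record, hostname and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed secret for illustration; the real one is the shared DiscourseConnect secret.
SECRET = b"constructed-discourse-connect-secret"


def sign(payload_b64: str, secret: bytes = SECRET) -> str:
    """Hex HMAC-SHA256 over the base64 payload string, as DiscourseConnect signs it."""
    return hmac.new(secret, payload_b64.encode(), hashlib.sha256).hexdigest()


def verify_request(sso: str, sig: str, secret: bytes = SECRET) -> dict:
    """Check Discourse's signature (constant-time), then decode nonce and return URL."""
    if not hmac.compare_digest(sign(sso, secret), sig):
        raise ValueError("bad DiscourseConnect signature")
    fields = parse_qs(base64.b64decode(sso).decode())
    return {"nonce": fields["nonce"][0], "return_sso_url": fields["return_sso_url"][0]}


def build_response(request: dict, member: dict, secret: bytes = SECRET) -> str:
    """Build the signed redirect back to Discourse for one membership record."""
    payload = urlencode({
        "nonce": request["nonce"],       # echoed so Discourse can tie it to the login attempt
        "external_id": member["id"],     # permanent membership ID, not the email address
        "email": member["email"],        # the address the thread says accounts are matched on
        "username": member["username"],
    })
    payload_b64 = base64.b64encode(payload.encode()).decode()
    query = urlencode({"sso": payload_b64, "sig": sign(payload_b64, secret)})
    return f"{request['return_sso_url']}?{query}"


def demo() -> str:
    # Constructed incoming request, signed the way Discourse would sign it.
    raw = urlencode({"nonce": "abc123",
                     "return_sso_url": "https://discourse.example.org/session/sso_login"})
    sso = base64.b64encode(raw.encode()).decode()
    request = verify_request(sso, sign(sso))
    # Constructed member record from the hypothetical membership system.
    member = {"id": "member-42", "email": "user@domain.co.uk", "username": "user"}
    return build_response(request, member)


if __name__ == "__main__":
    print(demo())
```

Because the association is keyed on `external_id`, the membership system should send an ID that never changes for a member, and reject any request whose signature does not verify before decoding it.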

Thank you for your reply.

The approach of merging accounts is probably what I’ll go for.

It would be a great feature for this process to be self-serve - perhaps through an API where users can log themselves in through an email link where they can then update their email to sync the two.
Or perhaps by allowing a user to authenticate themselves by providing their Discourse email and password, alongside an updated email address.

Thanks again for your time.

2 Likes
