Pull user and password for custom app auth

(Stephen Kerr Jr) #1

I am developing a new c# application and I was wondering if I would be able to query the Discourse database for a username and password, check if the password matches, then return a success or failure message. I can achieve this via PHP and MySQL currently, but I am not sure if Discourse would allow me to write a PostgresSQL query to access the user and password table to check authentication against. Is this possible? Hopefully my explanation is clear enough.


(Stephen Kerr Jr) #2

I found this topic here:

But it doesn’t give a specific example of validating a password. It actually states there is no password to validate against due to socket auth. How would you suggest confirming the user’s login from a 3rd party c# application? Token-based Auth?


(Kane York) #3

Discourse can act as a provider of its own SSO, how about cooking up an implementation of that?

You have reference code in Discourse to go by for the client side already.

(Stephen Kerr Jr) #4

That is basically what I am looking for. Although as I was thinking a little more and I dont think I would be able to use social media logins if I am passing a username and password. Unless there is a simple way to possibly launch a browser, check if they are already logged in or have them login from that browser, then have the browser return a success or failure message… do you have further details on the code references?

(Stephen Kerr Jr) #5

You know, I was just thinking… I dont actually need to have the user put in their username or password…
All I would need to do is check to see if there is a user logged into discourse. if there is a user, i just need to retrieve what their username is. If there is not a user logged in, I would just need to open a browser and allow the user to login.

So is there an easy way to send a call to Discourse and find out if a user is currently logged in and determine what their username is?


(Stephen Kerr Jr) #6

Still looking for an easy way to call externally to a discourse forum and see if someone is already logged in or not. Does anyone know a good way to achieve this?

(Stephen Kerr Jr) #7

This might be what I am looking for:

now I will just have to test this out…

(Stephen Kerr Jr) #8

I attempted the above API call via PHP and had zero luck. Not sure what is happening, but I am definately not have much luck. Any suggestions for accessing the “current logged in user” via PHP API?

(Sam Saffron) #9

You can’t pull password period it is not stored in the DB. All we store is a salted hash.

The API for incoming SSO is documented in extreme detail here: Official Single-Sign-On for Discourse (sso)

(Jesper Enemark) #10

Say I have a 3rd party angular application that I want to authenticate on using existing users from discourse.

Is there a way to do a post request from my angular app to obtain a JWT upon a succesful post response?

Maybe this is not even relevant due to the fact you stated above about the database only storing hash values for the password.
I would rather not use SSO, but if it is the only way, I will.

I just wanted to get this cleared up since there are multiple on-going threads upon this exact topic.

(David Taylor) #11

SSO is the only supported way of using Discourse authentication in another application. Discourse has protections in place to prevent other sites POSTing a username/password, so I think you will find it extremely tricky to get around that.

(Jesper Enemark) #12

And thus my choices became singular, thank you for a quick response

(Jay Pfaffman) #13

And I’d think that if a work around were found, it would be patched quickly. :wink:

(Orlando Del Aguila) #14

Thanks for this, I was looking around how to do the same