Thanks for this post, which was invaluable in setting up a recent project, which required Salesforce login.
In our case, the Salesforce app was a Community, which meant we had to change some of the details above. I’m posting on this old thread in case it helps anyone else. It nearly broke my brain for a whole day.
However, we still had problems with 403 Forbidden errors, which were plain unstyled HTML and didn’t look very much like a Discourse error to me, which led to much debugging of Salesforce and gnashing of teeth. But the problem was in Discourse.
Forbidden
You don’t have permission to access this resource.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
Although the redirect to the Callback URL seemed to be working, the browser console registered authentication failures. In the end it was the unset oauth2 callback user id path which was the cause of the authentication failure. Setting it to id fixed everything.
Thanks for the guidelines. We were able to successfully authenticate using Salesforce, but we ran into an issue. Our SF objects/fields do not seem to be passed successfully to Discourse, since right after a successful SF login on Discourse, it seems Discourse treats it as a new user and asks for username, email and name, even if these should come from the oauth2 json name, email, username fields.
May we ask for help to know the json format for SF objects/fields used in the oauth2 plugin? We have tried object.field, object_field and just field. It does not seem to give any error, but still nothing is being passed from SF to Discourse via json to recognize the login as not a new Discourse user.