إعداد DiscourseConnect - تسجيل الدخول الموحد الرسمي لـ Discourse (sso)

توثيق التكاملات
, , ,
1

DiscourseConnect is a core Discourse feature that allows you to configure “Single Sign-On (SSO)” to completely outsource all user registration and login from Discourse to another site. Offered to our pro, business and enterprise hosting customers.

:information_source: (Feb 2021) ‘Discourse SSO’ is now ‘DiscourseConnect’. If you are running an old version of Discourse, the settings below will be named sso_... rather than discourse_connect_...

The Problem

Many sites wishing to integrate with a Discourse site want to keep all user registration in a separate site. In such a setup all login operations should be outsourced to that different site.

What if I would like SSO in conjunction with existing auth?

The intention around DiscourseConnect is to replace Discourse authentication, if you would like to add a new provider see existing plugins such as: Discourse VK Authentication (vkontakte)

Enabling DiscourseConnect

To enable DiscourseConnect you have 3 settings you need to fill out:

Screenshot 2021-02-11 at 12.40.34
Screenshot 2021-02-11 at 12.40.341632×474 119 KB

enable_discourse_connect : must be enabled, global switch
discourse_connect_url: the offsite URL users will be sent to when attempting to log on
discourse_connect_secret: a secret string used to hash SSO payloads. Ensures payloads are authentic.

Once enable_discourse_connect is set to true:

  • Clicking on login or avatar will, redirect you to /session/sso which in turn will redirect users to discourse_connect_url with a signed payload.
  • Users will not be allowed to “change password”. That field is removed from the user profile.
  • Users will no longer be able to use Discourse auth (username/password, google, etc)

What if you check it by mistake?

See: Log back in as admin after locking yourself out with read-only mode or an invalid SSO configuration

Implementing DiscourseConnect on your site

:warning: Discourse uses emails to map external users to Discourse users, and assumes that external emails are secure. IF YOU DO NOT VALIDATE EMAIL ADDRESSES BEFORE SENDING THEM TO DISCOURSE, YOUR SITE WILL BE EXTREMELY VULNERABLE!

Alternatively, if you insist on sending unvalidated emails BE SURE to set require_activation=true, this will force all emails to be validated by Discourse. WE STILL STRONGLY ADVISE THAT YOU DO NOT DO THIS, so if you proceed with that setting enabled, you are assuming substantial risk.

Discourse will redirect clients to discourse_connect_url with a signed payload: (say discourse_connect_url is https://somesite.com/sso)

You will receive incoming traffic with the following

https://somesite.com/sso?sso=PAYLOAD&sig=SIG

The payload is a Base64 encoded string comprising of a nonce, and a return_sso_url. The payload is always a valid querystring.

For example, if the nonce is ABCD. raw_payload will be:

nonce=ABCD&return_sso_url=https%3A%2F%2Fdiscourse_site%2Fsession%2Fsso_login, this raw payload is base 64 encoded.

The endpoint being called must

  1. Validate the signature: ensure that HMAC-SHA256 of PAYLOAD (using discourse_connect_secret, as the key) is equal to the sig (sig will be hex encoded).
  2. Perform whatever authentication it has to
  3. Create a new url-encoded payload with at least nonce, email, and external_id. You can also provide some additional data, here’s a list of all keys that Discourse will understand:
    • nonce should be copied from the input payload
    • email must be a verified email address. If the email address has not been verified, set require_activation to “true”.
    • external_id is any string unique to the user that will never change, even if their email, name, etc change. The suggested value is your database’s ‘id’ row number.
    • username will become the username on Discourse if the user is new or SiteSetting.auth_overrides_username is set.
    • name will become the full name on Discourse if the user is new or SiteSetting.auth_overrides_name is set.
    • avatar_url will be downloaded and set as the user’s avatar if the user is new or SiteSetting.discourse_connect_overrides_avatar is set.
    • avatar_force_update is a boolean field. If set to true, it will force Discourse to update the user’s avatar, whether avatar_url has changed or not.
    • bio will become the contents of the user’s bio if the user is new, their bio is empty or SiteSetting.discourse_connect_overrides_bio is set.
    • Additional boolean (“true” or “false”) fields are: admin, moderator, suppress_welcome_message
  4. Base64 encode payload
  5. Calculate a HMAC-SHA256 hash of the payload using discourse_connect_secret as the key and Base64 encoded payload as text
  6. Redirect back to the return_sso_url with an sso and sig query parameter (http://discourse_site/session/sso_login?sso=payload&sig=sig)

Discourse will validate that the nonce is valid, and if valid, it will expire it right away so it can not be used again. Then, it will attempt to:

  1. Log the user on by looking up an already associated external_id in the SingleSignOnRecord model
  2. Log the user on by using the email provided (updating external_id) (unless require_activation = true)
  3. Create a new account for the user providing (email, username, name) updating external_id

Security concerns

The nonce (one time token) will expire automatically after 10 minutes. This means that as soon as the user is redirected to your site they have 10 minutes to log in / create a new account.

The protocol is safe against replay attacks as nonce may only be used once. The nonce is tied to the current browser session to protect against CSRF attacks.

Specifying group membership

If the discourse connect overrides groups option is specified, Discourse will consider the comma separated list of groups passed in groups.

Screenshot 2021-02-11 at 12.35.15
Screenshot 2021-02-11 at 12.35.151554×156 53.1 KB

Aside from groups, you may also specify group membership in your SSO payload using the add_groups and remove_groups attributes regardless of the discourse connect overrides groups option.

add_groups is a comma delimited list of group names we will ensure the user is a member of.
remove_groups is a comma delimited list of group names we will ensure the user is not a member of.

Reference implementation

Discourse contains a reference implementation of the SSO class:

A trivial implementation would be:

class DiscourseSsoController < ApplicationController
  def sso
    secret = "MY_SECRET_STRING"
    sso = DiscourseApi::SingleSignOn.parse(request.query_string, secret)
    sso.email = "user@email.com"
    sso.name = "Bill Hicks"
    sso.username = "bill@hicks.com"
    sso.external_id = "123" # unique id for each user of your application
    sso.sso_secret = secret

    redirect_to sso.to_url("http://l.discourse/session/sso_login")
  end
end

Transitioning to and from single sign on.

As long as the require_activation parameter is not set to true in the request payload, the system will trusts emails provided by the single sign on endpoint. This means that if you had an existing account in the past on Discourse with DiscourseConnect disabled, DiscourseConnect will simply re-use it and avoid creating a new account.

If you ever turn off DiscourseConnect, users will be able to reset passwords and gain access back to their accounts.

Real world example:

Given the following settings:

Discourse domain: http://discuss.example.com
DiscourseConnect url : http://www.example.com/discourse/sso
DiscourseConnect secret: d836444a9e4084d5b224a60c208dce14
Email validated: No (add require_activation=true to the payload)

User attempt to login

  • Nonce is generated: cb68251eefb5211e58c00ff1395f0c0b

  • Raw payload is generated: nonce=cb68251eefb5211e58c00ff1395f0c0b

  • Payload is Base64 encoded: bm9uY2U9Y2I2ODI1MWVlZmI1MjExZTU4YzAwZmYxMzk1ZjBjMGI=

  • Payload is URL encoded: bm9uY2U9Y2I2ODI1MWVlZmI1MjExZTU4YzAwZmYxMzk1ZjBjMGI%3D

  • HMAC-SHA256 is generated on the Base64 encoded Payload: 1ce1494f94484b6f6a092be9b15ccc1cdafb1f8460a3838fbb0e0883c4390471

Finally browser is redirected to:

http://www.example.com/discourse/sso?sso=bm9uY2U9Y2I2ODI1MWVlZmI1MjExZTU4YzAwZmYxMzk1ZjBjMGI%3D&sig=1ce1494f94484b6f6a092be9b15ccc1cdafb1f8460a3838fbb0e0883c4390471

On the other end

  1. Payload is validated using HMAC-SHA256, if the sig mismatches, process aborts.
  2. By reversing the steps above nonce is extracted.

User logs in:

name: sam
external_id: hello123
email: test@test.com
username: samsam
require_activation: true

Unsigned payload is generated:

nonce=cb68251eefb5211e58c00ff1395f0c0b&name=sam&username=samsam&email=test%40test.com&external_id=hello123&require_activation=true

order does not matter, values are URL encoded

Payload is Base64 encoded

bm9uY2U9Y2I2ODI1MWVlZmI1MjExZTU4YzAwZmYxMzk1ZjBjMGImbmFtZT1zYW0mdXNlcm5hbWU9c2Ftc2FtJmVtYWlsPXRlc3QlNDB0ZXN0LmNvbSZleHRlcm5hbF9pZD1oZWxsbzEyMyZyZXF1aXJlX2FjdGl2YXRpb249dHJ1ZQ==

Payload is URL encoded

bm9uY2U9Y2I2ODI1MWVlZmI1MjExZTU4YzAwZmYxMzk1ZjBjMGImbmFtZT1zYW0mdXNlcm5hbWU9c2Ftc2FtJmVtYWlsPXRlc3QlNDB0ZXN0LmNvbSZleHRlcm5hbF9pZD1oZWxsbzEyMyZyZXF1aXJlX2FjdGl2YXRpb249dHJ1ZQ%3D%3D

Base64 encoded Payload is signed

3d7e5ac755a87ae3ccf90272644ed2207984db03cf020377c8b92ff51be3abc3

Browser redirects to:

http://discuss.example.com/session/sso_login?sso=bm9uY2U9Y2I2ODI1MWVlZmI1MjExZTU4YzAwZmYxMzk1ZjBjMGImbmFtZT1zYW0mdXNlcm5hbWU9c2Ftc2FtJmVtYWlsPXRlc3QlNDB0ZXN0LmNvbSZleHRlcm5hbF9pZD1oZWxsbzEyMyZyZXF1aXJlX2FjdGl2YXRpb249dHJ1ZQ%3D%3D&sig=3d7e5ac755a87ae3ccf90272644ed2207984db03cf020377c8b92ff51be3abc3

Synchronizing DiscourseConnect records

You can use the POST admin endpoint /admin/users/sync_sso to synchronize a DiscourseConnect record, pass it the same record you would pass to the DiscourseConnect endpoint, nonce does not matter.

If you call admin/users/sync_sso from another site, you will need to include a valid admin api_key and a valid api_username in the request’s headers. See Sync DiscourseConnect user data with the sync_sso route for more details about how to structure the request.

Clearing DiscourseConnect records

If your external_id values from your DiscourseConnect provider have changed (perhaps you changed the generation algorithm, perhaps it’s a different endpoint) you can safely remove all the existing records using the rails console:

SingleSignOnRecord.destroy_all

Logging off users

You can use the POST admin endpoint /admin/users/{USER_ID}/log_out to log out any user in the system if needed.

To configure the endpoint Discourse redirects to on logout search for the logout redirect setting. If no URL has been set here you will be redirected back to the URL configured in discourse connect url.

Search users by external_id

User profile data can be accessed using the /users/by-external/{EXTERNAL_ID}.json endpoint. This will return a JSON payload that contains the user information, including the user_id which can be used with the log_out endpoint.

Existing implementations

  • The discourse_api gem can be used for SSO. Have a look at the SSO code in its examples directory to see a basic implementation.

  • Our WordPress plugin makes it easy to configure SSO between WordPress and Discourse. Details about setting it up are found on the SSO tab of the plugin’s options page.

Future work

  • We would like to gather more reference implementations for SSO on other platforms. If you have one please post to the Dev / SSO category.

Advanced Features

  • You can pass through custom user fields by prefixing the field name with custom. For example custom.user_field_1 can be used to set the value of the UserCustomField that has the name user_field_1.
  • You can pass avatar_url to override user avatar (SiteSetting.discourse_connect_overrides_avatar needs to be enabled). Avatars are cached so pass avatar_force_update=true to force them to update if the url is the same. Right now, you can’t pass an empty url to disable users’ avatar.
  • By default the welcome message will be sent to all new users created through SSO. If you wish to suppress this you can pass suppress_welcome_message=true
  • To configure your Discourse instance as a Discourse connect provider see: Using DiscourseConnect as an identity provider.

Debugging your DiscourseConnect provider

To assist in debugging DiscourseConnect you may enable the site setting verbose_discourse_connect_logging. By enabling that site setting rich diagnostics will show up in YOURSITE.com/logs. Be sure to :white_check_mark: the warnings box at the bottom of YOURSITE.com/logs.

We will log a warning to the logs with a full dump of the SSO payload:

173 إعجابًا
Discourse SSO + normal login
Sync DiscourseConnect user data with the sync_sso route
SSO login & logout issues
Is there a "log_in" SSO API endpoint?
SSO locked me out of Discourse!
What is the SSO login URL
With SSO my user still need to hit the login button
SSO Login page not showing up
How to handle Discourse SSO when the authentication site allows users to change emails?
SSO integration & external profile sync help
"User Log out API" return success in response but user session still alive
Login to Discourse with website account details
Mobile (firebase) SSO authentication
Single Sign-Out?
SSO on Discourse using Atlassian Crowd
Discourse SSO using auth0 via URL
Merging users from different forums
Automatically assigning users to a group
How to generate nonce from client-side Javascript
Shibboleth / SAML / SSO -- Working Implementation for Higher Ed
Advantage and disadvantage of enabling SSO
Users who register on my site, register also on Discourse Vise Versa
SSO and e-mail addresses having a plus sign
About the SSO category
Logout POST Request
Automatic session management with OAuth SSO
User Fields to validate users
Customized login auth plugin
Custom Login / Registration from another API
Hashing Secret + Payload for SSO
Auto-sign-in with the OpenId Connect Plugin and AWS Cognito
Categorizing and tracking users
Using existing RoR application for user auth / signup instead of discourse
A way for admins to edit users' external IDs
Discourse Ruby API testing "Unknown attribute 'auth_token' for User
Switching out authentication for a passwordless alternative
Wordpress plugin not redirect to discourse login automatically
SSO with TownNews CMS
Disable email verification for SSO
[PAID] Setup SSO for self-hosted instance
Will Discourse ask for a username if it's not provided to /session/sso_login?
SSO locked me out of Discourse!
Enable sso for my site
A community of a no-code tool: SSO vs login via email
Segment Tracking Theme Component
Data explorer query to list the longest "estimated read time" topics?
Can usernames be numbers instead of Letters?
Create user in discourse by redirecting from another site
HMAC-256 example on Official SSO page
Discourse OAuth2 Basic
Jobs::DownloadAvatarFromUrl times out
Add links to meta.discourse.org instructions inside admin
How to configure the SSO Authorization URL via config (without using the admin panel)
Embed Discourse comments on another website via Javascript
TeamAndro exploring a migration from phpBB
DiscourseConnect payload hash encoding mismatch
Dev Category sidebar
Disabling SSO in development environment
Getting signed data from the server
User following invitation link is not visible in Admin/Users due to SSO
Getting signed data from the server
Getting signed data from the server
SSO and changing email addresses upstream
SSO (maybe) specific issue
SSO (maybe) specific issue
Why isn't Discourse more frequently recommended as a "community platform"?
Integration with .NET MVC application for a SaaS platform
Running my own discourse image
Unable to Login to Discourse, using wpdiscourse plugin
How do I make discourse use my platform's autentication system?
Automatic addition of users to group based on email domain
Allowing people to login using accounts from other websites
Seeking Slack Login / SSO for Discourse
Smooth J/K navigation when using keyboard
SSO to Joomla site
Discourse Connect on Local instance is not working
Discourse Connect on Local instance is not working
Implementing SSO for dev environment and troubleshoot
Login with FB, google and apple only
SSO provider implementation - Admin, moderator and groups ignored?
Nextcloud support
How to divide my community into 2 parts
Using Discourse to add a forum feature to our current application?
Shared cookie SSO: Notifying frontend
User auth with website at root and Discourse in subfolder
Can I authenticate to Drupal via Discourse?
Using Discourse as an authentication provider
Error 419 when Attempting DiscourseConnect, JavaScript
Difficulty of Tiered-access forum
Any way to not require email verification with WP as the SSO Provider?
How to auto-login user in application web view
How can I configure Single Sign On for our App to the Discourse Community Forum
[PAID] automatically change user email
Create apikey for user programmatically as admin
Discourse logins into Drupal 8/9
Discourse logins into Drupal 8/9
Bug when visiting same thread url
Open source will support customized provider SSO
Is there a way to get all emails of users with the API?
How can generate _forum_session and _t for an user through code/api call or without login to browser?
Show/hide forums based on the domain? (Shared forum via CNAME)
Integrate with DjangoRest and Vue.js
Auto-assign random, anonymous usernames
Connect Discourse Auth with my Django user DB?
Disable account confirm emails when creating users via API
Transforming usernames with SSO
WP as DiscourseConnect client: Signature parse error/Bad signature error (solved)
Automatically provision accounts with external SSO provider? (skip Create New Account prompt)
Error ArgumentError in DiscourseSsoController#sso, wrong number of arguments (given 1, expected 0)
Error ArgumentError in DiscourseSsoController#sso, wrong number of arguments (given 1, expected 0)
Embed variables in footer
Need help to setup SSO without emails
Programmatically log users out of discourse
Is it possible?
How do I remove people from putting names? I have an API system I want in there
How to detect Discourse user on Ghost Blog?
Problem in sso redirection for compose a new pre-filled topic via URL
How to make default avatars and make sure nobody changes there avatar I want to set them an avatar with my API system
How might we better structure #howto?
Making group joins automatic to an external pricing plan
Is Roblox Login Possible?
Session Timeout SSO after rebuild from Backup
Silverstripe CMS SSO Module
Discourse login with whmcs users
2.7.0.beta4: DiscourseConnect, Topic Timer UI revamp, Login Modal UI revamp, and more
Connecting Discourse invites to Marketo emails
Add support for multi-select fields in DiscourseConnect protocol
Sync WooCommerce Memberships with Discourse groups
Auto assign member to the certain group
Connecting to an external source of avatars?
Changing avatar_url while sso_overrides_avatar is set?
User avatar selection through API no longer working
Sync WooCommerce Memberships with Discourse groups
Disabling email verification
SSO Isnt working for me
Could Discourse offer a StackExchange-like SSO/Federated login service?
Mandatory username & avatar generation - How can we do this?
Intergrading discoures in to a application
Configure single sign-on (SSO) with WP Discourse and DiscourseConnect
How to connect to an external database running on localhost
Automate User Creation
Login Help - Correct way to login
Install Discourse on an isolated CentOS 7 server
What happens to my current users after configuring SSO?
SSO groups without completely overriding
JumpCloud LDAP/SSO
Lexicon: a customizable native mobile app for your Discourse site
DiscoTOC - automatic table of contents
Usernames getting modified – numeral “1” being added
Is "partial" SSO possible?
Send an invite to a user but complete their profile programmatically
Magento 2 as SSO Provider?
Discourse SSO Provider doesn't redirect to return_sso_url as user logs in with custom SSO
Force password change after login
SSO and e-mail addresses having a plus sign
Would Discourse meet all of these niche needs to be a video game community forum?
OpenID Connect and SSO
Can I use the Discourse API to authenticate users in another app?
Does `sso overrides groups` work with Oauth2?
How to prevent another log in with Auth0 and OAuth2 Basic Plugin
Add user to group after purchase
Error Log Missing
Discourseconnect logout issues
Shibboleth SSO with Discourse
Other custom code on WP installation is preventing WP Discourse from redirecting back to forum
Using discourse forum in a native app (log-in, languages)
Use Discourse as an identity provider (SSO, DiscourseConnect)
Possible to send an email login link via API?
Possible to send an email login link via API?
Self serve SSO email synchronisation
Discourse Connect: How implementing Discourse login with an existing database?
Sync group membership with external list of email addresses
Distrust: Discourse as an OpenID Connect provider
Admin sso and group permissions
Can I use my own Login page instead of discourse's Default login dialog box?
Using node.js (discourse-sdk) API when SSO is enabled?
Using Discourse as SSO Provider for Wiki.js
SSO is forcibly creating the user as an admin
Modify the URL of 'create your account' button to an external site
DiscourseConnect Won't Let Me Log Back In
DiscourseConnect Won't Let Me Log Back In
DiscourseConnect Won't Let Me Log Back In
DiscourseConnect Won't Let Me Log Back In
Watched words links corrupt @mentions and #categories
Recursive Impersonation
User flair remains after user is removed from group
Recursive Impersonation
How to add a custom url text link on the login page
Can discourse delete archived posts automatically and accept registration without email?
Unable to Test Discourse Connect on localhost
Drupal 8 and Discourse shared SSO
SSO is forcibly creating the user as an admin
Onboarding 15k Trial Users/Year: Need Help Streamlining the Process
Filling in discourse_username when not using DiscourseConnect
Is DiscourseConnect available for self-hosted?
Is DiscourseConnect available for self-hosted?
Discourse login by cookie token
Could you update user avatar for wordpress plugin sso?
Secondary Emails with SSO
How to Disable Required SSO Email Activation
Redirect to Register link after invite while using SSO
Custom field in discourseconnect
Make email optional
User avatar selection through API no longer working
Wordpress plugin not redirect to discourse login automatically
Discourse login by cookie token
How to configure Discourse as the sole user-facing login/sign-up provider for Wordpress site
Custom field in discourseconnect
DiscourseSsoConsumer, a SSO extension for MediaWiki
System assigned profile picture not synced to Discourse Connect client sites
Discourse connect sync_sso avatar update issue
Discourse as OpenID Connect provider
Unable to create user in Discourse from WP with new registration form
Logging users in through c++ desktop application
Discourse as OpenID Connect provider
Is there any endpoint that would provide a user's external account IDs from their Discourse ID?
"Fake" OAuth Provider?
German People here
Invite only by email from database
Is it possible to autologin discourse via iframe?
New Wordpress users connecting to existing Discourse users
Login w/ Discourse w/o SSO?
Login w/ Discourse w/o SSO?
Login w/ Discourse w/o SSO?
Login w/ Discourse w/o SSO?
Generic “userN” usernames
Generic “userN” usernames
Change login link param (return_path)
Require accepting new terms (after changes) as a modal inside forum
Guest Gate Theme Component
Unable to Login to Discourse, using wpdiscourse plugin
How to switch from Discourse Connect SSO to local logins
Lack of Discourseconnect client tab in multisite for wordpress
Wordpress plugin not redirect to discourse login automatically
Wordpress plugin not redirect to discourse login automatically
Discourse Hosting Limits?
Guest Gate Theme Component
DiscourseConnect always returns "Nonce is incorrect, ..."
Auto Login enabled for public facing community?
Has anyone succeeded in using discourse as sso provider for nextcloud? Share recipe?
SSO in C# .NET App
Discourse SSO failed to login the user while redirection
Change email and username charset to unicode
Intergrate Discourse with keycloak
Auto Login enabled for public facing community?
Intergrate Discourse with keycloak
Intergrate Discourse with keycloak
Intergrate Discourse with keycloak
Intergrate Discourse with keycloak
Intergrate Discourse with keycloak
Work with discourse users on an SPA
Work with discourse users on an SPA
WP-Discourse → User Switching Not Working
WP-Discourse → User Switching Not Working
Is there a way to use both local login and discourseConnect?
Allow my application users to login to discourse
Hide log out menu when using SSO
Discourse Integration Nextcloud bad csrf
Feature: create default user name from email's user portion when using Google OAuth2/SSO
Account login timed out when using SSO if auth_immediately = false
SSO login appears to have stopped working
Is there a way to use both local login and discourseConnect?
DiscourseConnect and user time zone / location
SSO Login issue
Configure an S3 compatible object storage provider for uploads
SSO Redirect Issues
Use Discourse as an identity provider (SSO, DiscourseConnect)
"Fake" OAuth Provider?
Sync WooCommerce Memberships with Discourse groups
SSO Redirect Issues
SSO Redirect Issues
Discourse Hosting Limits?
DiscourseConnect and user time zone / location
Embedding topics with login required and DiscourseConnect
WPDiscourse - Logout not working
Using Discourse as SSO provider but facilitating users continuing task on Wordpress?
Guest Gate Theme Component
"You need to sign in or sign up before continuing"
Any fallback available for failed SSO?
Changing email addresses not working as an Admin
Unable to anonymize user via API with SSO enabled
API bug : final "." in username causes error
Guest Gate Theme Component
Guest Gate Theme Component
Discourse Membership Synced with Member Status in other system (WHMCS)
Single sign-on sticks despite deleting the Discourse plugin
Populating email field on login page
Problem on SSO Login
API Create user external_ids parameter
Users unable to login with Discourse Connect
SSO Callback closes connection (0 bytes sent by server); used logged out of impersonation previously
Auto approve email domains still requires staff approval
SSO Failing to Override Avatar
Manually copying over comments from Wordpress, how do I can create user accounts?
SSO Broken - The requested URL or resource could not be found
Auto approve email domains still requires staff approval
Intergrate Discourse with keycloak
Can I use the Discourse API to authenticate users in another app?
Adding Discourse to existing Ruby on Rails site
Only let staff unlink social accounts?
Use WP Discourse to publish posts from Wordpress to Discourse
Discourse Connect does not auto login anymore
Adding SSO after many users already signed up -- how to migrate them?
Update user details
Is it possible?
Is it possible?
Is it possible?
Is it possible?
Is it possible?
Is it possible?
Unable to create user in Discourse from WP with new registration form
Login error while trying to use Discourse as an identity provider (SSO, DiscourseConnect)
How to add custom query parameter in discourse connect url?
Can I use DiscourseConnect along with Discourse Native Registration?
How can we disable 2FA for an user while we are using google auth2 login in Discourse?
Bratwurst: the wurst possible production DiscourseConnect provider
SSO Login with Discourse
Synchronize SSO login state between Discourse and provider
Connection and discourse account creation without going on discourse
Migrate an IPB 3.1 forum to Discourse
How to know if user has SSO
Email-less and password-less registration & authentication
Disable DiscourseConnect
Generating a login email via API
Any other way to authenticate user without redirecting to session/sso
SSO failover scenarios
How to use Discourse Connect (SSO) to update avatar, username, name?
How to use Discourse Connect (SSO) to update avatar, username, name?
How to use Discourse Connect (SSO) to update avatar, username, name?
Label Sets
An entirely email-less Discourse instance
Issue with Api
Invites keep getting error "not_matching_email"
Any other way to authenticate user without redirecting to session/sso
Bad automatic choosing of username when using SSO (DiscourseConnect)
Use Discourse as an identity provider (SSO, DiscourseConnect)
Unable to setup discourse in my windows 10
Ghost & Discourse SSO implementation
Need help connecting nextcloud with discourse
Is there a possibility for Discourse to integrate with web3 wallets?
Guest Gate Theme Component
Discourse SSO Configuration
How admin user re-logins after using discourse connect sso and custom domain
How admin user re-logins after using discourse connect sso and custom domain
How to set Authorization token in request headers when user attempts to login on discourse
How can I check in my website if the user is logged in to my Discourse?
Go from a Wordpress + Discourse structure to a Discourse site only?
Generating and retrieving user API keys
Wordpress avatars from Discourse when Discourse is the SSO provider
Discouse Connect avatar_url with S3
Invite links (Accept Invitation Button) with SSO not working for stable v2.8.10
How to "intercept" first time SSO usages to let users confirm the SSO action and set a username?
Discourse Connect receive Discourse Approval state
Multiple development instances
Multiple development instances
How to create a login on my front-end application to a specific Discourse site?
How to create a login on my front-end application to a specific Discourse site?
Use Discourse as an identity provider (SSO, DiscourseConnect)
First time login for a user using API KEY
DiscourseConnect and Clickfunnels
Connect discourse with magento?
Connect discourse with magento?
DiscourseConnect UniqueViolation on sync_sso
Can we combine 2 separate discourse sites?
Multisite vs multiple containers
Discourse login from external site
Users allowed to see only some categories
Add links to Discourse that allow users to authenticate via SSO or access private groups directly if they are logged in already
Using external_id via API
How to set Authorization token in request headers when user attempts to login on discourse
Discourse Connect Flow
Add links to Discourse that allow users to authenticate via SSO or access private groups directly if they are logged in already
Add links to Discourse that allow users to authenticate via SSO or access private groups directly if they are logged in already
Discourse Connect Flow
Issue with Drupal Discourse SSO
I keep getting logged out after implementing Discourse SSO
Wp_discourse unable to remember login status
Splitting a site into two parts
DiscourseConnect Provider Questions
Login error
DiscourseConnect Provider Questions
Login error
Create User external_ids parameter
Error creating account in Wordpress with Discourse Connect
Use Discourse Connect with Wordpress and regular login
How to add users to multiple groups using discourse connect?
The Sign up button is not activated
Admin status repeatedly revoked
Use Discourse Connect with Wordpress and regular login
Add user to group via webhook with email
Login error
Notify admins if a user updates their primary email
Customising hostname sent in email links for app deeplinking
Plugin to integrate Shopify accounts with Discourse
How to do single sign-on with forum program?
Exploring ways to partition a forum
Exploring ways to partition a forum
GET DiscourseConnect Single Sign On record via APIs
Simple login by email via deep links containing a username
While using DiscourseConnect, is the CONFIRM Account needed?
While using DiscourseConnect, is the CONFIRM Account needed?
Discourse Connect/Squarespace (SSO)
Discourse Connect/Squarespace (SSO)
Wordpress username publishing help
Wordpress username publishing help
How to set language for SSO users
Log in button Redirects Issue
Log in button Redirects Issue
Want to set internal forum on our reactjs member's platform
New instructions for SSO setup? "enable discourse connect" setting is missing
New instructions for SSO setup? "enable discourse connect" setting is missing
Bulk invite to group
Wordpress Groups Sync with Discourse
Add a new user via API
Configure GitHub login for Discourse
Seeking Guidance: Dual Authentication Setup for Moderators and Students
Seeking Guidance: Dual Authentication Setup for Moderators and Students
Anyone has discovered/ build a site as multisite (SSO), would like to see the possibilities for inspiration!
Use SSO to auto create Discourse login/password after signed up in my SaaS
Undefined method `kilobytes' for "100":String error breaks topic and avatar sync
"Login error" page during the login attempt by existing user previously added through SSO
"Login error" page during the login attempt by existing user previously added through SSO
Gate our community to just members of our Shopify site?
Gate our community to just members of our Shopify site?
How best to engage Discourse for a larger WordPress magazine?
How best to engage Discourse for a larger WordPress magazine?
How can I change the registration URL?
How do I go about making a very customized theme?
DiscourseConnect (SSO) integration with Spring Boot (J2EE)?
An idea for more economical comments?
Unable to disable SSO via SSH
Is it possible to have an automatically updating link to a user's profile picture? Such as by giving each user one "slot" for an avatar?
SSO broken after rebuild with stable v3.3.3
Using Discourse Connect with a mobile app
Disable DiscourseConnect
Missing anchor links in certain TOC topics?
Integration into custom auth system where emails are not unique?
How to disable SMTP during installation?
Create User external_ids parameter
Auto Login to my Discourse site / subdomain
How to Disable activation_reminder email sending?
Communities using discourse SSO for their in-app community experience
Extending header buttons
Auth via Discourse Forum
🧩 How to Build an Android App User Community with Discourse? [HeyApks Project]
Postgres doesn't seem to be running when running Discourse locally using Docker
Discourse sso login redirect to localhost:3000, not 4200 (running via docker)
Cross-Discourse Quoting
Is it Possible to Send Encrypted Email and Password in the Authentication Flow?
Nutzung von Nextcloud aus Discourse heraus
Understanding PII storage in Discourse
Log in button Redirects Issue
Login to Discourse with custom Oauth2 provider
Can I log into multiple instances of discourse simultaneously?
Upgraded last night and login button no longer works
SSO with Roles translating to Groups
Redirect login possible?
How to disable SSO via SSH
Connect Multiple WP Sites To 1 Discourse Installation?
What is the procedure to obtain CAS between my website and my discourse instance?
Problem logging in using SSO plugin
PAID: Create Open Source SSO plugin to auth with Wild Apricot
Trouble connecting drupal and discourse
About the idea: IDENTITY = EMAIL
About the idea: IDENTITY = EMAIL
How to create members-only site with Discourse, WordPress, and LearnDash
Consequences of not validating email addresses
SSO and Restricted Groups
Questions about Discourse on Digital Ocean
Require users to join at least one group at sign-up
Change right gutter to vertical timeline + topic controls
Use the same user database and login credentials in multiple discourse instances
How to connect my (existing) User Database?
Can usernames be numbers instead of Letters?
User group sync with drupal
Options with SSO with another custom application
Issues in Integrating SSO in Discourse
How to implement Discourse with an already built Rails project
Updating SSO documentation
Configuring SSO to Work With SocialEngine
Updating SSO documentation
Discourse view file update does not reflect in browser
Discourse view file update does not reflect in browser
Trying to set up SSO
Discourse doesn't re-verify an address changed by SSO
Discourse doesn't re-verify an address changed by SSO
User API keys specification
SSO and Discourse Consulting
Changing the unique key to identify users
Setting the user title(group?) based on the information that is coming from the sso payload
Mini (Inline) Onebox Support RFC
TL2 welcome message sent every time on SSO login
Error during SSO integration - Wholistic Minds
Advice needed for tailoring Discourse to my organisation
Rails error when using DiscourseConnect and Wordpress
Primary and Discourse Site Integrations
Automatic Table of Contents generation
Questions Regarding Account Authentication Methods
Can usernames be numbers instead of Letters?
Redirect all users who click on domain.com/signup to a different page
Poll Result Breakdown
Cant update email via API - invalid_access error
Disabling all emails except those registration related?
Allow admins to change email addresses easily
Can't get avatar overrides to work over SSO
Allow admins to change email addresses easily
Creating and configuring custom user fields
Conflicting email addresses, giving admins more power to resolve issues
Unable to create user in Discourse from WP with new registration form
Which Discourse hosting tier should I choose?
New users via API if allow new unchecked
How to change login settings without being logged in?