Shared account and unified user experience between different Discourse instances

Now we’ve seen so many projects/companies use Discourse as a discussion forum. However, I often find it a little cumbersome to register accounts for each website (though SSO alleviate this pain a bit) and setup user profile and preferences or something alike.

I wonder, like opting in for ‘Discourse Discovery’, could we add an option for site owners to opt in sharing account info with CDCK? Basically it could mean adding an SSO option like ‘Login with Discourse’. Moreover, to integrate more tightly, we can share user info and preferences between different communities like what Reddit does. It could be even better if users can access their aggregated activities/bookmarks/likes/replies data in one place.

Also, could common js /css / fonts assets be shared between different instances to accelerate first-time landing?

3 Likes

That is “privacy hell”, any Discourse instance would get access to all user names and email addresses of any other Discourse instance. And possibly even more. So that will never be acceptable.

2 Likes

I think this feature was mentioned here too:

4 Likes

Sort of, but I was only thinking of Discourse functioning as an optional OAuth provider. Maybe it’s a slippery slope.

4 Likes

Not necessarily. A future “Login with Discourse” service could operate like other social logins (Google, Apple, Facebook, etc.). Just because those logins are enabled, it doesn’t mean that the instance get access to all user names and email addresses at the source. The associated accounts will only be created for users that signup/login using that method.

The request in the OP is something that we have been considering for a while, it’s an interesting option that would reduce the barrier to joining a new Discourse community. But it’s a big, big project, and so far, we have hesitated to embark on it. Certainly an idea that comes up regularly internally.

5 Likes

Those are privacy hell…

Those companies specifically have some privacy issues, but they also do a lot more than centralized auth.

I think there’s probably an argument to be made that centralized auth comes with its own risks, but the original claim you made is not accurate and not really relevant to that aspect:

2 Likes

I stand corrected.

Regardless, I think this will very hard to be GDPR compliant.

1 Like

Discourse Auth providing data hashes to start sessions multi-instance but we just trusting discourse to keep ours hashes safe is a dilemma to decentralized foruns.

Lemmy did something like that but with ActivityPub and all we knows that it’s a nightmare.

1 Like