Silent login/signup via Auth0

Hi

I am trying to achieve SSO for the following scenario.

My application authenticates users against Auth0. Once authenticated, whenever the user visits the Discourse page, I expect the user to be logged in silently without having to re-enter credentials (using the credentials from the initial login to my application).

Has anyone tackled this scenario?

Currently I have an Auth0 rule that upon authentication redirects to Discourse via the /sso/ path, passing the SSO credentials from Auth0. This logs the user in, or, for a new Discourse user, creates the Discourse account and then logs the user in.
But I want to achieve this without the Auth0 redirect so the experience for the user is seamless and he/she is already logged in when deciding to visit the Discourse page.

Any assistance would be appreciated.
The same issue has been raised here, but there were no solutions proposed:

Regards

This works if you make your site login required.

However you lose the ability to be crawled by search engines.

2 Likes

Hey @shahidmir :wave: Just wanted to jump in with a quick comment: your best bet is to set up a RWA in Auth0 and use the official Discourse OAuth 2 Basic Plugin.

We, at Auth0, have a similar setup where our customers can login to the Auth0 Dashboard, Support Center, and Community with a single Auth0 account. If the user has already created a session with your app, your Auth0 tenant will automatically return them to Discourse with the access_token without prompting them for their credentials.

You can take a look at how we set it up at community.auth0.com

I hope that helps :slight_smile:

5 Likes

Hi, thanks very much for that.

regards
Shahid

Hi @fadymak, thanks for the info.

A walk through would be super helpful on how to set up this integration more fully.

I’ve managed to fumble my way through with a combination of the readme from the OAuth2 plugin and video tutorial on the Auth0 site, but I’m a bit stuck on the JSON User Endpoint part here: https://github.com/discourse/discourse-oauth2-basic#part-2-configuring-the-json-user-endpoint

These fields don’t seem to correspond with anything I can easily track down in Auth0.

Any guidance gratefully received!

Ruth

For anyone else who gets stuck, I received the following from Auth0 support:

Hi Ruth,

In this case, the fields map as follows:

oauth2 json user id : user_id
oauth2 json username : username
oauth2 json name : name
oauth2 json email : email

The oauth2_user_json_url would be the userinfo endpoint, e.g., https://your-instance.auth0.com/userinfo .

You don’t need to specify the :token placeholder as the endpoint consumes the token via the Authorization: Bearer header.

3 Likes

Hi fady,

After trying a few different approaches, I have finally come back to this approach you suggested :slight_smile:

It all hangs together nicely now, except one thing.
After the first successful login (after account creation in Discourse), when I try to log in again, the Lock widget opens up with credentials pre-populated. When I accept these credentials and click on email/username, the login does not succeed because the JSON endpoint is returning empty results for the userinfo endpoint.

I'm assuming this is because the correct scopes are not passed?
Is there any additional config that I need to set in Discourse or Auth0 for this?

regards

@fadymak, it seems like I can get around this issue by adding the "openid" scope to the API that I'm using in Auth0.
Is this the correct approach?
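The field mapping from the Auth0 support reply and the empty-userinfo symptom discussed in the last two posts, as an added example that is not code from the thread, from Auth0 or from the Discourse OAuth2 Basic plugin: it maps a /userinfo body onto the plugin's four settings and reports which OIDC scope is most likely missing when a field comes back empty. The claim-to-scope table and the dotted-path walker are assumptions based on the standard openid/profile/email scopes, not on the plugin's own implementation, and the sample responses are constructed.

```python
import json

# Plugin setting -> claim name, as given in the Auth0 support reply in this thread.
FIELD_MAP = {
    "oauth2 json user id": "user_id",
    "oauth2 json username": "username",
    "oauth2 json name": "name",
    "oauth2 json email": "email",
}

# Claim -> OIDC scope that normally releases it. Assumption based on the
# standard openid/profile/email scopes; not taken from the thread.
CLAIM_SCOPE = {"user_id": "openid", "username": "profile",
               "name": "profile", "email": "email"}


def walk_path(doc, path):
    """Resolve a dotted path such as 'user.id' in a decoded JSON document, or None."""
    cur = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def map_userinfo(userinfo_json):
    """Map a /userinfo body to the plugin's settings; return (fields, missing settings)."""
    doc = json.loads(userinfo_json) if userinfo_json.strip() else {}
    fields, missing = {}, []
    for setting, claim in FIELD_MAP.items():
        value = walk_path(doc, claim)
        if value in (None, ""):
            missing.append(setting)   # this is what produces a failed Discourse login
        else:
            fields[setting] = value
    return fields, missing


def missing_scopes(userinfo_json, granted_scope):
    """Scopes to add to the client so every Discourse field gets a value."""
    granted = set(granted_scope.split())
    _, missing = map_userinfo(userinfo_json)
    needed = {CLAIM_SCOPE[FIELD_MAP[setting]] for setting in missing}
    return sorted(needed - granted)


# Constructed sample responses (not captured from a real tenant).
FULL = '{"user_id": "auth0|abc123", "username": "ruth", "name": "Ruth", "email": "ruth@example.com"}'
EMPTY = "{}"   # the symptom described above: userinfo returns nothing usable

if __name__ == "__main__":
    print(map_userinfo(FULL))
    print(missing_scopes(EMPTY, "profile email"))   # -> ['openid']
```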

A post was merged into an existing topic: How to use Auth0 with the OAuth2 Basic Plugin