I am trying to achieve SSO for the following scenario.
My application authenticates users against Auth0. Once authenticated, whenever the user visits the Discourse page, I expect the user to be logged in silently without having to re-enter credentials (using the credentials from the initial login to my application).
Has anyone tackled this scenario?
Currently I have an Auth0 rule that, upon authentication, redirects to Discourse via the /sso/ path, passing the SSO credentials from Auth0. This logs the user in, or creates the Discourse account and then logs the user in for a new Discourse user.
But I want to achieve this without the Auth0 redirect so the experience to the user is seamless and he/she is already logged in when deciding to visit the discourse page.
Any assistance would be appreciated.
The same issue has been raised here, but there were no solutions proposed:
We, at Auth0, have a similar setup where our customers can login to the Auth0 Dashboard, Support Center, and Community with a single Auth0 account. If the user has already created a session with your app, your Auth0 tenant will automatically return them to Discourse with the access_token without prompting them for their credentials.
After trying a few different approaches, I have finally come back to this approach you suggested
It all hangs together nicely now, except for one thing.
After the first successful login (after account creation in Discourse), when I try to log in again, the Lock widget opens up with credentials pre-populated. When I accept these credentials and click on email/username, the login does not succeed because the JSON endpoint is returning empty results for the userinfo endpoint.
I'm assuming this is because the correct scopes are not passed?
Is there any additional config that I need to set in Discourse or Auth0 for this?