Silent login/signup via Auth0

shahidmir · March 16, 2018, 5:52pm

Hi

I am trying to achieve SSO for the following scenario.

My application authenticates users agains auth0. Once authenticated, whenever the user visits the discourse page, I expect the user to be logged in silently without having to re-enter credentials (using the credentials from the initial login to my application).

Has anyone tackled this scenario?

Currently i have an Auth0 rule that upon authentication re-directs to discourse via the /sso/ path, passing the sso credentials from Auth0. This logs the user in, or creates the discourse account and then logs user in for a new discourse user.
But I want to achieve this without the Auth0 redirect so the experience to the user is seamless and he/she is already logged in when deciding to visit the discourse page.

Any assistance would be appreciated.
The same issue has been raised here, but there was no solutions proposed:

Regards

Falco · March 16, 2018, 6:14pm

This works if you make your site login required.

However you lose the ability to be crawled by search engines.

fadymak · March 22, 2018, 2:39pm

Hey @shahidmir Just wanted to jump in with a quick comment: your best bet is to set up a RWA in Auth0 and use the official Discourse OAuth 2 Basic Plugin.

We, at Auth0, have a similar setup where our customers can login to the Auth0 Dashboard, Support Center, and Community with a single Auth0 account. If the user has already created a session with your app, your Auth0 tenant will automatically return them to Discourse with the access_token without prompting them for their credentials.

You can take a look at how we set it up at community.auth0.com

I hope that helps

shahidmir · March 27, 2018, 8:47am

hi, thanks very much for that.

regards
shahid

RCheesley · April 26, 2018, 5:13pm

Hi @fadymak, thanks for the info.

A walk through would be super helpful on how to set up this integration more fully.

I’ve managed to fumble my way through with a combination of the readme from the OAuth2 plugin and video tutorial on the Auth0 site, but I’m a bit stuck on the JSON User Endpoint part here: https://github.com/discourse/discourse-oauth2-basic#part-2-configuring-the-json-user-endpoint

These fields don’t seem to correspond with anything I can easily track down in Auth0.

Any guidance gratefully received!

Ruth

RCheesley · April 30, 2018, 12:07pm

For anyone else who gets stuck, I received the following from Auth0 support:

Hi Ruth,

In this case, the fields map as follows:

oauth2 json user id : user_id
oauth2 json username : username
oauth2 json name : name
oauth2 json email : email

The oauth2_user_json_url would be the userinfo endpoint, e.g., https://your-instance.auth0.com/userinfo .

You don’t need to specify the :token placeholder as the endpoint consumes the token via the Authorization: Bearer header.

shahidmir · May 16, 2018, 11:55am

Hi fady,

After trying a few different approaches, I have finally come back to this approach you suggested

It all hangs together nicely now, expect one thing.
After the first successful login (after account creation in discourse), when i try to login again, the lock widget opens up with credentials pre-populated. When i accept these credential and click on email/username, the login does not succeed because the json endpoint is returning empty results for the userinfo endpoint.

Im assuming this is because the correct scopes are not passed?
Is there any additional config that i need to set in discourse or auth0 for this?

regards

shahidmir · May 16, 2018, 12:01pm

@fadymak seems like i can get around this issue by adding the “openid” scope to the API that im using in auth0.
Is this the correct approach?

blake · May 29, 2018, 4:30pm

A post was merged into an existing topic: How to use Auth0 with the OAuth2 Basic Plugin