I would like to lower the hurdle to login in our school forum by the following procedure:
Links sent by mail to the (mostly non-public) forum should contain the username of the addressed user (like forum.my.tld/t/123#user=toka)
If a not logged-in user opens this link, a page offers to send a login link by clicking a button.
If clicked, a login with a login token should be sent to the user, which then allows them to open the target page without further interaction for a specific time. Otherwise, a “resend login link” button should be offered.
Has this already been implemented somewhere?
If not: which machinery exists, which could be used to implement it?
Yes. This is our prominent way to log into the forum. But for a big part of the users, this seems to be too difficult.
In addition, we face the problem that some users use non-identical email addresses in their communication. For example, (at)gmail.com and (at)googlemail.com, or email addresses with or without added dots in the username. They do not remember which email address they once wrote on the paper (yes, sorry, it’s Germany) registration form and are either unaware of these problems or of the possibility to learn about their “login email address” by checking their mail headers.
Therefore, I am investigating a way that links sent to users allow users to log in without further knowledge of how to use the Discourse login procedure.
There is certainly a security risk, if you are comfortable to accept it, some automation that generates the links we generate when you try to log in via email, is certainly feasible, as long as they already have accounts.
