I am a developer for a website with social-network-like behavior, and we'd like to integrate Discourse into our site. We love how Discourse works and we want to have a Discourse-powered discussion platform on the site. We want to create a seamless experience for users, where Discourse naturally becomes like part of our main site. We maintain our own user database (which should override all user management in Discourse).
We created an instance of Discourse and we attempted to use Discourse SSO. The SSO bit works fine, but the experience is nowhere near seamless. By default, the logged-in/out states become out of sync:
- If a user logs in on our own site login, they don't become logged in to Discourse. When they visit our Discourse instance, they're still logged out. They must click one of Discourse's sign in buttons, where they'll get redirected to our SSO handler etc. and then back to Discourse where they'll finally be in a logged-in state.
- If a user logs out on either our site or Discourse, they don't automatically become logged out on the other.
We want to have no user-accessible user management features in Discourse (no login/logout buttons, no change of password/usernames); instead our main site sends all user info to Discourse so that Discourse truly becomes a natural part of the site.
What can we do to achieve this? I've been browsing through many posts in meta.discourse but there doesn't seem to be an elegant solution.
- We'd love it if login/logout endpoints can all be defined within the Discourse admin settings.
- One thought is that maybe, every time a user opens our Discourse instance, an SSO-like behavior automatically executes, redirecting the user to our own handlers, securely passing in user info via encrypted URL parameters, and then back to Discourse in the proper logged-in/logged-out state.
- Alternatively we can pass around info using cookies.
- Other ideas?
We don't use ROR for our main site at the moment; in fact, we have no previous Ruby experience. We're looking for a natural built-in solution in Discourse, not requiring us to modify/override the Discourse source code.
Also, regarding the user data passed around during SSO login, we see from https://meta.discourse.org/t/official-single-sign-on-for-discourse/13045 that we can send over their externalID, username, email, etc.; in fact we currently do. How can we also pass in the user's avatar as a URL (as a path to our CDN file) and have Discourse natively use that value to display that user's avatar across the site?
We appreciate the help.
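The SSO round trip described in this post, seen from the main site's handler, as an added example that is not part of the original post and is not Discourse's own code. It assumes the signing scheme of the linked official SSO topic (Base64 payload, hex HMAC-SHA256 signature over it) and that topic's `avatar_url` / `avatar_force_update` fields; the secret, the user record, the URLs and the helper `constructed_request` are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Assumption: same value as the SSO secret configured in the Discourse admin settings.
SSO_SECRET = b"constructed-example-secret"

def sign(payload_b64: str) -> str:
    """Hex HMAC-SHA256 over the Base64 payload string, keyed with the shared secret."""
    return hmac.new(SSO_SECRET, payload_b64.encode(), hashlib.sha256).hexdigest()

def handle_sso_request(sso: str, sig: str, user: dict) -> str:
    """Verify the request Discourse sent and build the signed redirect back to it."""
    # Constant-time comparison; reject before decoding anything from the payload.
    if not hmac.compare_digest(sign(sso).encode(), sig.encode()):
        raise ValueError("SSO signature mismatch")
    request = parse_qs(base64.b64decode(sso).decode())
    response = {
        "nonce": request["nonce"][0],           # echoed back so the reply cannot be replayed
        "external_id": user["id"],              # stable key from the main site's user table
        "email": user["email"],
        "username": user["username"],
        "avatar_url": user["avatar_url"],       # e.g. a file on the main site's CDN
        "avatar_force_update": "true",          # refresh the avatar on every login
    }
    payload = base64.b64encode(urlencode(response).encode()).decode()
    query = urlencode({"sso": payload, "sig": sign(payload)})
    return f"{request['return_sso_url'][0]}?{query}"

def constructed_request(nonce: str, return_url: str) -> tuple[str, str]:
    """Stand-in for what Discourse sends, so the handler can be exercised offline."""
    raw = urlencode({"nonce": nonce, "return_sso_url": return_url})
    sso = base64.b64encode(raw.encode()).decode()
    return sso, sign(sso)

if __name__ == "__main__":
    # Constructed sample user and forum URL.
    sample_user = {"id": "42", "email": "alice@example.com", "username": "alice",
                   "avatar_url": "https://cdn.example.com/avatars/42.png"}
    sso, sig = constructed_request("abc123", "https://forum.example.com/session/sso_login")
    print(handle_sso_request(sso, sig, sample_user))
```

The user fields travel signed but only Base64-encoded, not encrypted, so the handler should be served over HTTPS and should carry nothing the user's own browser must not see.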