SSO integration & external profile sync help

Hi Community - we have a successful SSO integration currently. When users are created on our site, it creates the user on Discourse, but we need some direction on the following:

  1. We noticed the options for SSO payload updating bio, email, avatar, etc. and it will be refreshed on login. Users will be able to update these settings on their external profile. How do we sync these updates when they save on their external profile?
  2. Is there a way to have these syncs happen in the backend? When a user logs in, and while the sync happens, we display a message to the user. This can be problematic since it can take longer than we’d like and gives opportunity to interrupt the sync with a refresh or closing the tab.
  3. Discourse auto log out: by default, Discourse logs users out after 1440 hours. We do not auto log out our users on our external site and must manually log out. Anyone have any advice or warnings here? e.g. the user deletes their cookies/sessions will that be an issue?

Thanks in advance all!

1 Like

See the section titled “Synchronizing SSO records”

3 Likes

Ah ha! Thanks. We missed that originally. Any suggestions, advice or direction on #2 or #3?

2.

Just get your auth / profile editing external site to sync to Discourse server-side as soon as a change occurs, it’s a single HTTP request. No need for messages etc. You should not be doing this client-side - i.e. no worries about closing a tab.

For security reasons I would avoid going beyond 60 days without requiring re-auth if the user hasn’t interacted with Discourse.

3.

If users do use your external site just have your page contain insert a hidden IFRAME / EMBED of the Discourse site to the URL /session/sso…
Only add this hidden IFRAME when the user hasn’t been authenticated recently (so it doesn’t slow down every page load) - probably just when they initially login.

This will keep the Discourse session alive. (EDIT: Note this will also log them into Discourse if they aren’t already)

You can look to the Discourse WordPress plugin I believe it contains something like this.

4 Likes

The WordPress plugin doesn’t add a hidden iframe. It does have an option to sync SSO records without users logging in, but it uses the sync_sso route for that.

3 Likes