SSO integration & external profile sync help

2.

Just get your external auth / profile editing site to sync to Discourse server-side as soon as a change occurs; it’s a single HTTP request. No need for messages etc. You should not be doing this client-side - i.e. no worries about closing a tab.

For security reasons I would avoid going beyond 60 days without requiring re-auth if the user hasn’t interacted with Discourse.

3.

If users do use your external site, just have your page insert a hidden IFRAME / EMBED of the Discourse site to the URL /session/sso
Only add this hidden IFRAME when the user hasn’t been authenticated recently (so it doesn’t slow down every page load) - probably just when they initially log in.

This will keep the Discourse session alive. (EDIT: Note this will also log them into Discourse if they aren’t already)

You can look at the Discourse WordPress plugin; I believe it contains something like this.

4 Likes
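
Added example, not part of the post above and not Discourse's own code: a sketch of the server-side "single HTTP request" sync from point 2, built but not sent so it runs offline. It assumes Discourse's `/admin/users/sync_sso` admin endpoint and the usual SSO payload format (base64 of a URL-encoded query string, signed with HMAC-SHA256 using the shared SSO secret); the URL, secret, API key and user record are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode
from urllib.request import Request

# Constructed placeholder values; substitute your own deployment's settings.
DISCOURSE_URL = "https://forum.example.com"
SSO_SECRET = b"constructed-sso-secret"
API_KEY = "constructed-admin-api-key"


def sign_payload(fields, secret):
    """Return (sso, sig): base64 of the URL-encoded fields and its HMAC-SHA256 hex digest."""
    sso = base64.b64encode(urlencode(fields).encode()).decode()
    sig = hmac.new(secret, sso.encode(), hashlib.sha256).hexdigest()
    return sso, sig


def verify_payload(sso, sig, secret):
    """Receiver-side check: compare signatures in constant time before decoding."""
    expected = hmac.new(secret, sso.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad SSO signature")
    decoded = base64.b64decode(sso).decode()
    return {k: v[0] for k, v in parse_qs(decoded).items()}


def build_sync_request(user):
    """Build (not send) the POST that pushes a profile change to Discourse."""
    sso, sig = sign_payload(
        {"external_id": user["id"], "email": user["email"],
         "username": user["username"], "name": user["name"]},
        SSO_SECRET,
    )
    return Request(
        f"{DISCOURSE_URL}/admin/users/sync_sso",
        data=urlencode({"sso": sso, "sig": sig}).encode(),
        # Assumption: an admin API key acting as the built-in "system" user.
        headers={"Api-Key": API_KEY, "Api-Username": "system"},
        method="POST",
    )


if __name__ == "__main__":
    req = build_sync_request({"id": "42", "email": "a@example.com",
                              "username": "alice", "name": "Alice A"})
    print(req.get_method(), req.full_url)
```

Call `build_sync_request` from the profile-save handler on the external site and send it with `urllib.request.urlopen`; the SSO secret and API key stay on the server and never reach the browser.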