Hi, I’m having an issue with Discourse SSO. What am I doing wrong? My code below extracts from my other platform with no issue. However Im getting no nonce.
<?php
// Enable error logging for debugging
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
// Load init file
require_once '/init.php'; // Update this path based on your Platform setup
// Discourse Connect secret key and URL to return the payload
$sso_secret = 'keyhere'; // Replace with your Discourse shared secret key
$discourse_url = 'https://urlhere.com/session/sso_login'; // Replace with your Discourse URL
// Start session to check Platform user login state
session_start();
// Check if the user is logged in
if (!isset($_SESSION['uid'])) {
// If the user is not logged in, redirect to the Platform login page
header('Location: /clientarea.php');
exit;
}
// Debug: Log incoming request parameters
error_log("Received GET parameters: " . print_r($_GET, true));
// Check if we received the 'sso' and 'sig' parameters from Discourse
if (!isset($_GET['sso']) || !isset($_GET['sig'])) {
error_log("Missing SSO or SIG parameters.");
header('Location: /clientarea.php');
exit;
}
// Validate the SSO signature using the secret key
$sso = $_GET['sso'];
$sig = $_GET['sig'];
$expected_sig = hash_hmac('sha256', $sso, $sso_secret);
if ($sig !== $expected_sig) {
error_log("Invalid SSO signature. Expected: $expected_sig, Received: $sig");
header('Location: /clientarea.php');
exit;
}
// Fetch Platform client details
$clientDetails = localAPI('getclientsdetails', ['clientid' => $_SESSION['uid']], 'admin');
if ($clientDetails['result'] !== 'success' || !isset($clientDetails['userid'])) {
error_log("Failed to fetch Platform client details.");
header('Location: /clientarea.php');
exit;
}
// Extract user details
$userId = $clientDetails['userid'];
$email = $clientDetails['email'];
$firstName = $clientDetails['firstname'];
$lastName = $clientDetails['lastname'];
$username = $firstName . ' ' . $lastName;
// Decode the SSO payload
$sso_payload = base64_decode($sso);
parse_str($sso_payload, $sso_params);
if (!isset($sso_params['nonce'])) {
error_log("Nonce is missing from SSO payload.");
header('Location: /clientarea.php');
exit;
}
// Prepare the return SSO payload with user details
$return_payload = [
'nonce' => $sso_params['nonce'],
'email' => $email,
'external_id' => $userId,
'username' => $username,
'name' => $firstName . ' ' . $lastName,
'admin' => 0, // Set to 1 if the user is an admin, otherwise leave as 0
'moderator' => 0 // Set to 1 if the user is a moderator, otherwise leave as 0
];
// Base64-encode the return payload
$query_string = http_build_query($return_payload);
$encoded_payload = base64_encode($query_string);
// Sign the encoded payload with the Discourse secret
$return_sig = hash_hmac('sha256', $encoded_payload, $sso_secret);
// Debug: Log the payload and signature
error_log("Return Payload: " . print_r($return_payload, true));
error_log("Encoded Payload: $encoded_payload");
error_log("Return Signature: $return_sig");
// Redirect to Discourse with the signed payload
header("Location: $discourse_url?sso=" . urlencode($encoded_payload) . "&sig=" . urlencode($return_sig));
exit;
Error logs:
[25-Sep-2024 14:50:17 UTC] Missing SSO or SIG parameters.
[25-Sep-2024 14:53:59 UTC] Received GET parameters: Array
(
[sso] => nonce_from_discourse
)
[25-Sep-2024 14:53:59 UTC] Missing SSO or SIG parameters.
Not sure why?