Hello, I am setting up sso authentication for Discourse.
When the user logs in on the main site, I would like he also be logged into the forum.
At the end of the procedure, the user stays on the main site.
This is slightly different from the official setup:
where a user must first visit the forum, then click on the login button to be redirected
to the main site authentication page and finally be redirected back to the forum.
So I tried to handle the discourse login directly from the main site backend:
- send a request to discourse
- in the response a cookie is set by discourse (I discard it);
- the sso and sig parameters are taken from the redirect Location url.
- generate and sign a response with the nonce and user information;
- immediately send request with new sso and sig to discourse
However, I get the error “Account login timed out, please try logging in again”.
I would expect discourse login to succeed and to receive some authentication cookies.
Is there something wrong with the above procedure? Should I send back the above cookie?
Is there a simpler way to have the main site trigger discourse login?