SSO Plugin for mobile

mobile
sso

(cpk) #1

I have an interesting case where I need to handle SSO from a mobile app. I have SSO working fine (great docs, thanks) on the web side, but need to detect if the incoming SSO request if from the app or the web.

Im writing a plugin to add a new endpoint to handle mobile SSO that simply registers and returns the nonce, instead of redirecting you to an external URL. The code looks something like this:

class MobileController < ApplicationController
	require_dependency 'single_sign_on'

	respond_to :json

	def returnNonce
		@url = DiscourseSingleSignOn.generate_url()
		respond_with @url
	end
end

Here is plugin.rb

require_dependency 'single_sign_on'

    after_initialize do
    	load File.expand_path("../controllers/mobile_controller.rb", __FILE__)
    
    	Discourse::Application.routes.prepend do
    		get 'session/sso/mobile' => 'mobile#returnNonce'
    	end
    end

Currently it sends back all of the home page markup, and I’m looking to just return the nonce, and continue auth with 3rd party SSO host site, then return to Discourse / mobile app. I can add any additional details if necessary. Thanks a bunch.

EDIT: Digging deeper, I’m seeing that the generate_url() method actually performs the redirect, so I may have to create an abridged version of the generate_url() method that excludes the redirect. The new question is how should the plugin directory be structured to support this? Im trying to keep it as simple as possible, based on what I’ve read from @sam

I may have just answered my own question. Rambling over.

-C


(cpk) #2

Solved. After digging deeper into Discourse, I found that ApplicationController was rendering the ‘empty’ template, not the index template. Console debugger helped a lot with this to see what was happening under the hood.

mobile_controller.rb

class MobileController < ApplicationController
	require_dependency 'single_sign_on'

	skip_before_filter :check_xhr, only: ['returnNonce']
	respond_to :json

	def returnNonce
		nonce = DiscourseSingleSignOn.generate_url(params[:return_path] || '/')
		uriArray = Rack::Utils.parse_query(nonce)

		render json: uriArray
	end
end

This could maybe be improved by leveraging the check_xhr method, but because I’m defining a new endpoint, I don’t need to check for xhr.

If you are trying to implement SSO in a hybrid app (Ionic), this could be a good starting point. Thanks.

-C