SSO Redirect Problem

pr-welcome

(penguin master) #1

I am working with Discourse SSO authentication and running into a problem with redirects. I am able to successfully login and everything works great, until the user logs in using GitHub or Google.

What seems to be happening is our site redirects to Discourse, Discourse accepts the SSO request, allows user to select GitHub, and redirects to GitHub. The user logs in, and is redirected to Discourse, but the last redirect back to our service is never completed. Discourse forgot my encoded request to Discourse? Why would Discourse not complete the redirect back to my service after GitHub or other login via OAuth?

I believe this may be a bug, but suspect I may be missing a header.

Any help would be appreciated!

Thank you,
ThePenguinMaster


(Matt Palmer) #2

What is “your service” in this case? Discourse, or something else? I’m not understanding the redirect flow you’re trying to achieve.


(penguin master) #3

The service is a node.js service. The service uses Express for routing. In the current setup, the user attempts to access a page that is restricted and is sent to our login page. From there, they say, click a link called “login”. That starts the SSO process and generates a URL to “/session/sso_provider”

This is defined here: Using Discourse as a SSO provider

After the user is redirected to the Discourse login, they enter their credentials, and Discourse redirects back to our service endpoint and we receive a token. This is all built into Discourse SSO.

This all works great if the user is created in Discourse. The problem arises if the discourse user account is an OAuth account linked to GitHub or other. Discourse redirects to GitHub or other provider and Github redirects back (standard OAuth behavior). Discourse fails at that point to redirect back to the service that started the SSO transaction.

Just to be clear, I am using Discourse as an SSO provider for our service. I think I failed to mention that.


(penguin master) #4

Just wanted to bump this up. It is still a blocking issue for me on a project I am working on.


(Sam Saffron) #5

Yeah this is a confirmed issue with the provider, it needs to be a bit smarter after a facebook/github auth.

I will mark this as bug and add pr-welcome for now


#6

Has there been any fix for this? I’m also experiencing this issue.