The service is a node.js service. The service uses Express for routing. In the current setup, the user attempts to access a page that is restricted and is sent to our login page. From there, they say, click a link called “login”. That starts the SSO process and generates a URL to “/session/sso_provider”
This is defined here: Using Discourse as a SSO provider
After the user is redirected to the Discourse login, they enter their credentials, and Discourse redirects back to our service endpoint and we receive a token. This is all built into Discourse SSO.
This all works great if the user is created in Discourse. The problem arises if the discourse user account is an OAuth account linked to GitHub or other. Discourse redirects to GitHub or other provider and Github redirects back (standard OAuth behavior). Discourse fails at that point to redirect back to the service that started the SSO transaction.
Just to be clear, I am using Discourse as an SSO provider for our service. I think I failed to mention that.