SSO redirection using Microsoft OAuth2 plugin (without login button)

I need to log in to Discourse without clicking the “Log In” button. Currently I have implemented Microsoft OAuth2 authentication.
I checked the setting “enable sso”; it uses “/session/sso” for login and redirect.
Is there any way like “/session/sso” to log in (without a click) using OAuth 2?

Yes… we can do something here… to clarify. You want a special path:

https://mydiscourse.com/auth/oauth2 and when you link to that from anywhere, the user is going to end up being logged in? (We may already have this working; we just need to confirm that it works for both logged in and not, and also how the redirect after login works.)

Stuff is a bit slow at the moment but we will get back to you on this in the next week or so.

@david can you add to your list?

4 Likes

If you have only one authentication method configured on your Discourse instance, just use

https://mydiscourse.com/login

As @sam mentioned, you can also use the specific /auth URLs for all non-SSO login methods. For the oauth2-basic plugin, the URL is:

https://mydiscourse.com/auth/oauth2_basic

For the discourse-azure-ad plugin, the URL is:

https://mydiscourse.com/auth/azure_oauth2

The behaviour for all of these methods is slightly different depending on whether the user is already logged in/registered to Discourse:

  • Not logged in, not registered
    • Registration dialog appears, automatic login after registration, redirected to home page ✅
  • Not logged in, registered
    • Automatic login, redirected to home page ✅
  • Already logged in to another account, registered
    • Automatically switches to the new account, redirected to home page ✅
  • Already logged in to another account, not registered
    • Registration dialog appears, error occurs when registering ❌
    • Refreshing the page corrects the problem, but this is a bug we should fix

5 Likes

Just to expand on this, how do we handle “login redirect”, e.g. if the originator wants the user not to end up on the home page?

In core this is all handled automagically by the login button, but if you did want to send a user somewhere special after login you can add the ?origin= parameter to the /auth URL.

For example: http://try.discourse.org/auth/facebook?origin=/t/60

4 Likes

We have a private site, and there is never any need to log in if the user is already logged in on the site providing SSO.

2 Likes

Hey,

Thanks a lot, guys, for your help. We got it working, just needed to change some settings.

Set these 2 settings to true:

  • login required - Require authentication to read content on this site, disallow anonymous access.
  • enable sso - Enable single sign on via an external site.

Add sso_url as “sso_url” and sso secret (your app secret).

And for logout, go to User Settings and add a “logout redirect” set to the Microsoft logout or parent URL.
With these settings, whenever we hit the Discourse domain URL it checks for the parent SSO login.
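
As an added example that is not part of any post in this thread: the “sso secret” set above is the key both sides use to sign what they exchange, and the SSO site should refuse any request whose signature does not verify. The sketch assumes Discourse's `sso`/`sig` query format (Base64 payload, hex HMAC-SHA256); the function names, secret, nonce, return URL and user values are constructed.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed sample; in practice this is the value of the "sso secret" setting.
SSO_SECRET = b"constructed-example-secret"


def sign(payload_b64: str, secret: bytes = SSO_SECRET) -> str:
    """Hex HMAC-SHA256 computed over the Base64 payload text itself."""
    return hmac.new(secret, payload_b64.encode(), hashlib.sha256).hexdigest()


def discourse_request(nonce: str, return_url: str, secret: bytes = SSO_SECRET):
    """Stand-in for what Discourse sends to sso_url (constructed for the demo)."""
    raw = urlencode({"nonce": nonce, "return_sso_url": return_url})
    sso = base64.b64encode(raw.encode()).decode()
    return sso, sign(sso, secret)


def verify_request(sso: str, sig: str, secret: bytes = SSO_SECRET) -> dict:
    """SSO site: check the signature first, only then decode the payload."""
    expected = sign(sso, secret)
    if not hmac.compare_digest(expected.encode(), sig.encode()):  # constant time
        raise ValueError("bad signature: payload not signed with our sso secret")
    fields = parse_qs(base64.b64decode(sso).decode(), strict_parsing=True)
    return {"nonce": fields["nonce"][0], "return_sso_url": fields["return_sso_url"][0]}


def build_response(request: dict, user: dict, secret: bytes = SSO_SECRET) -> str:
    """SSO site: echo the nonce, add the user fields, sign, build the redirect."""
    payload = urlencode({"nonce": request["nonce"], **user})
    payload_b64 = base64.b64encode(payload.encode()).decode()
    query = urlencode({"sso": payload_b64, "sig": sign(payload_b64, secret)})
    return f"{request['return_sso_url']}?{query}"


if __name__ == "__main__":
    sso, sig = discourse_request("abc123", "https://mydiscourse.com/session/sso_login")
    req = verify_request(sso, sig)
    print(build_response(req, {"external_id": "42", "email": "user@example.com"}))
    try:
        verify_request(sso, "0" * 64)  # forged signature is rejected
    except ValueError as err:
        print("rejected:", err)
```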