SSO vs Oauth2 difference?

faq-material

(Remy Dev) #1

Hello

I’m working on a website with django CMS.
I would like to link the user accounts of my site to discourse.

In the first sept, I wish understand the différence between
SSO and Oauth2 I thought it was the same thing, but there are two tools, so it can’t be the same thing.
Thanks


(Rafael dos Santos Silva) #2

SSO, when activated will be the only way to log in.

oAuth2 can be one of the login methods, like having the option to login with oAuth2 and Facebook and local password.

SSO also provides more functionality, like receiving bios, avatars, group membership, etc.


(Leo Giovanetti) #3

Jumping in as I also need some clarifications about this.

Is there any way I can enable SSO with OAuth2? My identity provider has all the configuration to set up OAuth2, like oauth2 client id, oauth2 client secret, oauth2 authorize url, oauth2 token url, oauth2 user json url, information paths to the correspondent piece of data in the returned json. But I can’t seem to enable SSO to rely on OAuth2.

Thanks!


Login to Discourse with custom Oauth2 provider
(Jeff Atwood) #4

I believe we had a customer with a single oAuth 2 provider, so we forced it through rather than making the user pick from a menu of … one item … as I recall @sam worked on it but I may be mistaken.


(Sam Saffron) #5

Yeah if there is only one way to login we bypass a screen so you don’t have to “click” and then “click” when logging in.

Our default GitHub - discourse/discourse-oauth2-basic: A basic OAuth2 plugin for use with Discourse supports a lot of stuff, but is not as rich as SSO. So it depends on how much information you want to drive from oAuth2.

If basic is not good enough you will need to build another custom plugin to fish out the rest of the fields or do a PR to our official basic plugin.


Login to Discourse with custom Oauth2 provider
(Leo Giovanetti) #6

Thanks for the explanation.

I would very much like to see how can I bypass the unnecessary screen if the code is available somewhere.

Anyway, between this and Login to Discourse with custom Oauth2 provider answer, I think I have a clear path now. Feel free to continue asking @remy_dev if is not enough for you :slight_smile:

Thanks again!


(Michael Brown) #7

i.e. if you disable ALL other authentication methods except one, that should happen. Don’t forget “Local Login”!


(Leo Giovanetti) #8

Ah right! When login in that happens, I kept thinking about creating a user, which after OAuth2 comes a user creation dialogs shows up. I guess I want the SSO flow as ideally, the user should not need to create an account again.

I will need to see what can I do. Auth0, the identity provider I use, does not seem to have a clear path to hook up SSO in a straightforward way.

Thanks again, again :stuck_out_tongue:


(Michael Brown) #9

Have you seen:


(Leo Giovanetti) #10

Definitely tried it: Customize login modal · Issue #20 · auth0/discourse-plugin · GitHub. :+1:


(Rafael dos Santos Silva) #11

One big difference that bothers me is:

  • When using SSO, and login required if you go to the forum home, the login process starts automatically.

  • If you have only one oAuth2 login method, and login required, navigating to the forum home displays a page asking you to log in.


(Sam Saffron) #12

Interesting, yeah that is a big with login required that we should fix