SSO, when activated will be the only way to log in.
oAuth2 can be one of the login methods, like having the option to login with oAuth2 and Facebook and local password.
SSO also provides more functionality, like receiving bios, avatars, group membership, etc.
Jumping in as I also need some clarifications about this.
Is there any way I can enable SSO with OAuth2? My identity provider has all the configuration to set up OAuth2, like oauth2 client id, oauth2 client secret, oauth2 authorize url, oauth2 token url, oauth2 user json url, information paths to the correspondent piece of data in the returned json. But I can’t seem to enable SSO to rely on OAuth2.
Thanks!
I believe we had a customer with a single oAuth 2 provider, so we forced it through rather than making the user pick from a menu of … one item … as I recall @sam worked on it but I may be mistaken.
Yeah if there is only one way to login we bypass a screen so you don’t have to “click” and then “click” when logging in.
Our default GitHub - discourse/discourse-oauth2-basic: A basic OAuth2 plugin for use with Discourse supports a lot of stuff, but is not as rich as SSO. So it depends on how much information you want to drive from oAuth2.
If basic is not good enough you will need to build another custom plugin to fish out the rest of the fields or do a PR to our official basic plugin.
Thanks for the explanation.
I would very much like to see how can I bypass the unnecessary screen if the code is available somewhere.
Anyway, between this and Login to Discourse with custom Oauth2 provider answer, I think I have a clear path now. Feel free to continue asking @remy_dev if is not enough for you 
Thanks again!
i.e. if you disable ALL other authentication methods except one, that should happen. Don’t forget “Local Login”!
Ah right! When login in that happens, I kept thinking about creating a user, which after OAuth2 comes a user creation dialogs shows up. I guess I want the SSO flow as ideally, the user should not need to create an account again.
I will need to see what can I do. Auth0, the identity provider I use, does not seem to have a clear path to hook up SSO in a straightforward way.
Thanks again, again 
Have you seen:
Definitely tried it: Customize login modal · Issue #20 · auth0/discourse-plugin · GitHub. 
One big difference that bothers me is:
When using SSO, and login required if you go to the forum home, the login process starts automatically.
If you have only one oAuth2 login method, and login required, navigating to the forum home displays a page asking you to log in.
Interesting, yeah that is a bug with login required that we should fix
I definitely want to get this improved but it is not slotted quite yet. @david do you want to take this TODO? Not urgent but some time in the next 6 months.
I will probably attempt to workaround this for now by refreshing GitHub - ComputerScienceHouse/DiscourseOIDC: OpenID Connect Bridge for Discourse SSO.
Also, something I’m missing for OAuth2 / OIDC as compared to SSO is the ability to utilize group information. If I get to make the bridge, ill add that ability in the bridge by passing such info along.
@sam ¿Hay alguna actualización sobre esto? Parece que, aunque solo tengamos un método de inicio de sesión, aún es necesario hacer clic en «Iniciar sesión» para acceder al foro. Creo que SSO es una alternativa, pero requiere una capa adicional en tu infraestructura y, por lo tanto, añade complejidad, así que estoy debatiendo si deberíamos optar por eso o no.
Aún no, pero sigue en nuestra lista de implementación. Lo revisaré esta semana y veré cuánto trabajo requerirá.
Esto ya está implementado:
Si solo hay un autenticador externo habilitado y los inicios de sesión locales están deshabilitados y el sitio requiere inicio de sesión, los usuarios serán redirigidos directamente a la página de autenticación externa. Esto coincide exactamente con la implementación de nuestro SSO nativo de Discourse.
No se me ocurre ninguna razón por la que alguien no quisiera esto, por lo que este es ahora el comportamiento predeterminado.