SSO, when activated will be the only way to log in.
oAuth2 can be one of the login methods, like having the option to login with oAuth2 and Facebook and local password.
SSO also provides more functionality, like receiving bios, avatars, group membership, etc.
Jumping in as I also need some clarifications about this.
Is there any way I can enable SSO with OAuth2? My identity provider has all the configuration to set up OAuth2, like oauth2 client id, oauth2 client secret, oauth2 authorize url, oauth2 token url, oauth2 user json url, information paths to the correspondent piece of data in the returned json. But I can’t seem to enable SSO to rely on OAuth2.
Thanks!
I believe we had a customer with a single oAuth 2 provider, so we forced it through rather than making the user pick from a menu of … one item … as I recall @sam worked on it but I may be mistaken.
Yeah if there is only one way to login we bypass a screen so you don’t have to “click” and then “click” when logging in.
Our default GitHub - discourse/discourse-oauth2-basic: A basic OAuth2 plugin for use with Discourse supports a lot of stuff, but is not as rich as SSO. So it depends on how much information you want to drive from oAuth2.
If basic is not good enough you will need to build another custom plugin to fish out the rest of the fields or do a PR to our official basic plugin.
Thanks for the explanation.
I would very much like to see how can I bypass the unnecessary screen if the code is available somewhere.
Anyway, between this and Login to Discourse with custom Oauth2 provider answer, I think I have a clear path now. Feel free to continue asking @remy_dev if is not enough for you 
Thanks again!
i.e. if you disable ALL other authentication methods except one, that should happen. Don’t forget “Local Login”!
Ah right! When login in that happens, I kept thinking about creating a user, which after OAuth2 comes a user creation dialogs shows up. I guess I want the SSO flow as ideally, the user should not need to create an account again.
I will need to see what can I do. Auth0, the identity provider I use, does not seem to have a clear path to hook up SSO in a straightforward way.
Thanks again, again 
Have you seen:
Definitely tried it: Customize login modal · Issue #20 · auth0/discourse-plugin · GitHub. 
One big difference that bothers me is:
When using SSO, and login required if you go to the forum home, the login process starts automatically.
If you have only one oAuth2 login method, and login required, navigating to the forum home displays a page asking you to log in.
Interesting, yeah that is a bug with login required that we should fix
I definitely want to get this improved but it is not slotted quite yet. @david do you want to take this TODO? Not urgent but some time in the next 6 months.
I will probably attempt to workaround this for now by refreshing GitHub - ComputerScienceHouse/DiscourseOIDC: OpenID Connect Bridge for Discourse SSO.
Also, something I’m missing for OAuth2 / OIDC as compared to SSO is the ability to utilize group information. If I get to make the bridge, ill add that ability in the bridge by passing such info along.
@sam As-tu des nouvelles à ce sujet ? Il semble que, même si nous n’avons qu’une seule méthode de connexion, il faille toujours cliquer sur « Se connecter » pour accéder au forum. Je pense que l’authentification unique (SSO) est une alternative, mais elle nécessite une couche supplémentaire dans votre infrastructure et ajoute donc de la complexité. Je réfléchis donc à savoir si nous devrions opter pour cette solution ou non.
Rien pour l’instant, mais cela figure toujours sur notre liste de mise en œuvre. Je vais jeter un coup d’œil cette semaine pour évaluer le travail nécessaire.
Ceci est maintenant implémenté :
Si un seul authentificateur externe est activé et que les connexions locales sont désactivées et que le site nécessite une connexion, les utilisateurs seront redirigés directement vers la page d’authentification externe. Cela correspond exactement à la mise en œuvre de notre SSO natif Discourse.
Je ne vois aucune raison pour laquelle quelqu’un ne voudrait pas cela, c’est donc désormais le comportement par défaut.