SSO, when activated will be the only way to log in.
oAuth2 can be one of the login methods, like having the option to login with oAuth2 and Facebook and local password.
SSO also provides more functionality, like receiving bios, avatars, group membership, etc.
Jumping in as I also need some clarifications about this.
Is there any way I can enable SSO with OAuth2? My identity provider has all the configuration to set up OAuth2, like oauth2 client id, oauth2 client secret, oauth2 authorize url, oauth2 token url, oauth2 user json url, information paths to the correspondent piece of data in the returned json. But I can’t seem to enable SSO to rely on OAuth2.
Thanks!
I believe we had a customer with a single oAuth 2 provider, so we forced it through rather than making the user pick from a menu of … one item … as I recall @sam worked on it but I may be mistaken.
Yeah if there is only one way to login we bypass a screen so you don’t have to “click” and then “click” when logging in.
Our default GitHub - discourse/discourse-oauth2-basic: A basic OAuth2 plugin for use with Discourse supports a lot of stuff, but is not as rich as SSO. So it depends on how much information you want to drive from oAuth2.
If basic is not good enough you will need to build another custom plugin to fish out the rest of the fields or do a PR to our official basic plugin.
Thanks for the explanation.
I would very much like to see how can I bypass the unnecessary screen if the code is available somewhere.
Anyway, between this and Login to Discourse with custom Oauth2 provider answer, I think I have a clear path now. Feel free to continue asking @remy_dev if is not enough for you 
Thanks again!
i.e. if you disable ALL other authentication methods except one, that should happen. Don’t forget “Local Login”!
Ah right! When login in that happens, I kept thinking about creating a user, which after OAuth2 comes a user creation dialogs shows up. I guess I want the SSO flow as ideally, the user should not need to create an account again.
I will need to see what can I do. Auth0, the identity provider I use, does not seem to have a clear path to hook up SSO in a straightforward way.
Thanks again, again 
Have you seen:
Definitely tried it: Customize login modal · Issue #20 · auth0/discourse-plugin · GitHub. 
One big difference that bothers me is:
When using SSO, and login required if you go to the forum home, the login process starts automatically.
If you have only one oAuth2 login method, and login required, navigating to the forum home displays a page asking you to log in.
Interesting, yeah that is a bug with login required that we should fix
I definitely want to get this improved but it is not slotted quite yet. @david do you want to take this TODO? Not urgent but some time in the next 6 months.
I will probably attempt to workaround this for now by refreshing GitHub - ComputerScienceHouse/DiscourseOIDC: OpenID Connect Bridge for Discourse SSO.
Also, something I’m missing for OAuth2 / OIDC as compared to SSO is the ability to utilize group information. If I get to make the bridge, ill add that ability in the bridge by passing such info along.
@sam 关于这个问题有什么更新吗?看起来,即使我们只有一种登录方式,您仍然需要点击登录才能访问论坛。我认为单点登录(SSO)是一个替代方案,但它需要在您的基础设施中增加一层,从而增加了复杂性,所以我正在权衡是否应该采用它。
目前还没有,但这仍在我们的实施计划中。我本周会查看一下,看看需要多少工作量。
现已实现:
如果仅启用一个外部身份验证器,且本地登录已禁用,且网站要求登录,则用户将被直接重定向至外部身份验证页面。这与我们 Discourse 原生的 SSO 实现完全一致。
我想不出有任何理由不希望这样,因此这现已成为默认行为。