SSO without storing personal user data in my own database

Hi Guys,

I bet you've heard about GDPR in Europe, which my question is related to. This is the situation:

  • Our website uses WordPress as the login system and we want to keep it that way for our editors.
  • Due to GDPR we don’t want any personal data from readers in our WordPress database. We want to keep it in Discourse.

Having Discourse as a separate forum is fine. However, we also want people to log in with Discourse on our main site to comment on articles. The idea is to let them comment directly under the article and not bounce to Discourse. An article has a topic as a ‘comment hub’, and comments will be posted and loaded under articles via the Discourse API. We are fine building a custom solution for that, but we don’t want personal user data in our WordPress database due to GDPR.

It’s my understanding that with the SSO implementation via wp-discourse, where Discourse acts as the SSO provider, it will create users in WordPress. I tried thinking of creative ways to solve this, like using the _t cookie. But it’s not accessible in the WordPress domain. Any ideas to enlighten me?