This is post is about a feature that definitely does not exist but that I want to implement myself. At this point though I have no idea how much work it might be and the aim of this question is to try and work out what is required.
Some context, we are working on a passwordless authentication solution. https://trykno.com/ The solution works as a service, meaning the site owners using the service do not have to handle securely sending emails or storing any secrets and personal identifying information.
It would be great for us to have a forum for the project, and would like to use Discourse.
However we need to change out the authentication so that it uses Kno.
Questions?
Is the authentication system in discourse pluggable?
Are there any hard-coded assumptions that the user has an email?
What is the front end framework, (I see ember-rails in the gemfile, but no reference to ember in package.json)
Sorry if these questions are simplistic, I am not a Ruby dev and any handles onto the problem would be valuable. Thanks
It’s currently possible not to use a password and just have a link sent to you.
If you’re point is to develop kno, you likely want to develop it as an oauth server. Then people could use it as one of several authentication sources where sso is the only one. See OAuth2 Basic Support
I see the possibility of getting a link sent, but kno provides more such as device auth via webauthn once you have confirmed your email onetime.
Developing as an Oauth server unfortunately doesn’t fill the requirements that we need. (I should probably write something in our FAQ as to why this is, but it comes down to know Kno lets you authenticate on one device using a different device).
Looking at things a bit more it looks like I should be able to put together a workable first version by implementing a discourse specific SSO solution.
Is it possible to use one OAuth provider, and disable all other kinds of authentication?
In such a case it would also be good if clicking login automatically started the auth flow, i.e. without opening the login modal and asking the user to select the provider
Oh well this is excellent.
no I haven’t tried it because I haven’t implemented the oauth provider for my service, and I guess after that I need to write a plugin because it will be a new oauth provider.
I have nearly finished my SSO integration, so I guess it’s the perfect time to switch over to using oauth.