We are using our own application as the SSO provider to Discourse, and we’re having an issue when linking users to private topics in our Discourse forum from our application, in that authentication is only triggered when clicking the ‘Login’ button.
- We use our own system as the SSO provider to Discourse.
- We have a mixture of public and private pages on our Discourse, so we don’t have login_required set.
- If a user authenticates in to our system, and we link them to our Discourse root url, they are shown the public categories but are not logged in.
- If a user authenticates in to our system, and we link them to our Discourse + /login, they are logged in fine, and redirected to the root Discourse URL.
- If a user authenticates in to our system, and we link them to the URL of a private category/topic in Discourse, they are shown a page asking them to login. If they click Login, they are automatically logged in and shown the category/topic.
This last case is the problematic one. I think one of the following would be good:
- we can link to ourdiscourse dot com/c/some-category?login=true and an auth check is performed - if user is logged in, show them the topic. If not, send them to our SSO provider, and redirect them back to the topic after logging in.
- we can link to ourdiscourse dot com/login?redirect=c/some-category and an auth check is performed - if successful, redirect to the page on the query string, if not, redirect to SSO provider, and redirect to the page on the query string after successful authentication
- we can link to ourdiscourse dot com/c/some-category, and if it’s a private page, Discourse performs an auth check, which if successful takes you to the category; if not successful, redirects to SSO provider, then redirects back.
(I’ve posted the issue before here - apologies for multiple postings, but I thought perhaps a new topic might get more response)