Tweaking SSO inconsistencies

Most profile fields can already be specified during the SSO process which is super-useful. From username to name, to bio, and even website was added last year. But, there’s some still minor quirks:

  • location seems to be missing — from a cursory look, seems to be the only obvious field that isn’t possible to change using SSO.
  • website can be specified during SSO, but unlike most (all?) other SSO profile fields, it doesn’t have a corresponding site setting to allow overriding the local value and prevent user from changing it.

I’m guessing these were just overlooked as the code base grew over time, as I can’t think of a reason for these exceptions. Unfortunately my Ruby and Discourse knowledge isn’t enough to submit a PR, but I wanted to report it — perhaps someone has the technical chops to do it.

I have implemented the changes to make the two items above work. Would be happy to contribute it back to Discourse, but I don’t know if this something that there’s interest in having upstream? /cc @sam

Let me know before I jump through the hoops to submit the PR. The code works but may need some revision/changes as I’m new to Discourse.

Go ahead and get the PR started so you can go through the CLA process, but:

This doesn’t really feel valuable to bother with - other fields on that page like the user card background image aren’t going to be available in SSO platforms, so there’s no consistency advantage to adding a lockdown to website.

1 Like

Sorry, not sure I understood what you meant there. I agree that card background has limited use on SSO (even though that is already implemented). website is an already implemented SSO field too — I have only added a sso_overrides_website setting, like the ones that already exists for username, avatar, bio etc so that it’s possible to not allow local changes and the SSO value to take precedence.