I am building a desktop application (not a web app) which includes a networking component, and I would like to be able to have a Discourse forum associated with it and use the same authentication credentials for the application and the forum. Mainly, I am hoping to leverage Discourse for the forum and for auth, since it already has a nice forum and robust, customizable auth and supports “reset password via email”.
The difficulty is that when users are running the application, they will enter their credentials there, not in a website.
In the instructions that I’ve found for using Discourse as an SSO provider, they suggest that I generate a nonce, hash it appropriately, direct the user to a Discourse URL, and provide an expected return URL.
What I really want, though, is something simpler, more like “I give you an HTTP query with a username and password, or, username + nonce + hash of password with nonce, you give me up or down”.
I realize that this is somewhat counter to the idea of allowing multiple auth, e.g. Google, Facebook logins, which is a major feature which Discourse provides. However, as I understand it, Discourse also provides basic username / password auth – that’s the only part that I would use.
What concerns me more is that it doesn’t appear that I can get Discourse to give me an HTTP or other interface like that. Is this correct?
An alternative would be to try to dig the password info out of the database directly.
However this was strongly discouraged here: https://meta.discourse.org/t/registration-process-or-linking-to-other-db/29537
“Using two auth points and two different schemes would just be weird and error prone”
The thing is that, if I am forced to implement SSO in my app and not use Discourse, then I have to implement email for password reset which I really don’t want to do from the ground up. I could try to use CAS or something in addition to Discourse and make Discourse use that for SSO… but I would really like to avoid adding another complex technology like this just for auth.
What I am considering doing is trying to hack the Discourse “basic auth” module so that it supports (local) connections from an intermediate server process, which I will create, which will talk to the desktop app, and on that channel, direct “user/password” queries would be supported. (Or perhaps, no hack is necessary and I can just use the Discourse Ruby API?) The reason would be that then there is only one db, no multiple auth points, and Discourse handles the password-reset emails for me.
Does this make sense?
Does it already exist?
Am I missing something obvious?
Should I be looking at something other than Discourse if I am considering doing this?
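
The SSO-provider flow the post describes (nonce, signed payload, redirect to the forum, signed return) is sketched below as an added example; it is not code from the post or from the Discourse project. It is written as it would run in the intermediate server process the post mentions, which holds the shared secret. The forum host, secret, return URL and the `simulate_forum_reply` helper are constructed for illustration, and the endpoint path and parameter names are taken from Discourse's documented provider flow rather than from the post.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# Constructed values for illustration only; none of them come from the post.
FORUM = "https://forum.example.com"
SECRET = b"constructed-shared-secret"
RETURN_URL = "https://auth.example.com/sso-return"


def _sign(payload_b64, secret):
    """Hex HMAC-SHA256 over the base64 payload, as the provider flow expects."""
    return hmac.new(secret, payload_b64.encode(), hashlib.sha256).hexdigest()


def build_login_url(secret=SECRET):
    """Return (nonce, url); the nonce is stored server-side until the return."""
    nonce = secrets.token_hex(16)
    raw = urlencode({"nonce": nonce, "return_sso_url": RETURN_URL})
    payload = base64.b64encode(raw.encode()).decode()
    query = urlencode({"sso": payload, "sig": _sign(payload, secret)})
    return nonce, f"{FORUM}/session/sso_provider?{query}"


def verify_return(sso, sig, expected_nonce, secret=SECRET):
    """Return the signed user fields, or None if signature or nonce is wrong."""
    # Check the signature before decoding anything the client sent.
    if not hmac.compare_digest(_sign(sso, secret).encode(), sig.encode()):
        return None
    try:
        decoded = base64.b64decode(sso).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    fields = {k: v[0] for k, v in parse_qs(decoded).items()}
    # A valid signature on a stale or foreign nonce is a replay; reject it.
    if not hmac.compare_digest(fields.get("nonce", "").encode(),
                               expected_nonce.encode()):
        return None
    return fields


def simulate_forum_reply(nonce, secret=SECRET):
    """Hypothetical stand-in for the forum's signed redirect (runs offline)."""
    raw = urlencode({"nonce": nonce, "username": "alice", "external_id": "42"})
    payload = base64.b64encode(raw.encode()).decode()
    return payload, _sign(payload, secret)
```

In this flow the password is only ever typed into the forum's own login page; the application side sees a signed assertion of who logged in, not the credentials.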