Use OAuth Plugin for Auth0 more seamlessly

tobi1 · August 6, 2022, 9:39pm

I am currently trying to bring Auth0 authentication to my Discourse app. I essentially followed the workflow here and I get things running.

However, I am not quite happy with it for several reasons:

After clicking on sign in/up, there is only a button "with Auth0’. I want there Auth0 login/sign up panel the only thing that shows up after clicking sign in/up at the top of the Discourse page.
After authentication with Auth0, people should not have to create a new user, instead it should all be fine because of Auth0.
E-mail authentication should be or should have been handled via Auth0, not via Discourse.
If you already have logged in via Auth0 in that browser, possibly with the same app from Auth0, in another module of our platform, then you should be automatically logged in.
There should still be the possibility to login as the admin user, as this might turn out to be more challenging after implementing point no. 1.

Could you help me to setup everything or at least parts of it?

blake · August 8, 2022, 9:09am

I believe you can check this setting in discourse auth_overrides_email for this.

And you can use this sight setting for this: auth_skip_create_confirm

When signing up via external auth, skip the create account popup. Best used alongside auth_overrides_email, auth_overrides_username and auth_overrides_name.

There is also the auth_immediately setting which might do what you are after as well:

Automatically redirect to the external login system without user interaction. This only takes effect when login_required is true, and there is only one external authentication method

You can visit /u/admin-login to bypass oauth.

tobi1 · August 8, 2022, 2:40pm

Many thanks for your input, @blake

Do you also have some input for the points 1 and 4 or are these more difficult?

blake · August 8, 2022, 5:17pm

I think these settings auth_immediatley and auth_skip_create_confirm will address points 1 and 4. Can you enable them and see if it improves things?

tobi1 · August 10, 2022, 2:32pm

@blake Many thanks for your input.

I did everything as outlined in the setup page plus your suggestions. However, when I try to login this appears

Whereas at https://community.auth0.com/ this is what shows for trying to login (and is intended for my site as well)

Furthermore, I tried to login with my test e-mail and it still requires e-mail auth despite the e-mail is authenticated at Auth0

Do you know how to change it accordingly?

MarkDoerr · December 16, 2022, 6:45pm

Try disabling the enable local logins settings. This should remove the ability to login leaving your users only the option of logging in with OAuth2.

I would recommend doing this this in a separate browser session though. That way you can revert any changes you make if you have configuration problems without losing the ability to login.

robertkibet · January 20, 2023, 9:45am

Hello @blake
Thanks for the insights. I have made some progress but unfortunately there is still a slight problem with login. Whenever I hit the login button, correct information for the user is fetched from auth0, but discourse still tries to create an account.
I am taken to a Welcome, lets create your account screen with an error that says Primary email has already been taken error.

This is my current config for all the overrides:

Kindly assist, thanks.

leonardo · January 20, 2023, 1:22pm

Hi Robert!

You can fix this by enabling this setting: oauth2 allow association change

robertkibet · January 20, 2023, 1:49pm

Hello @leonardo unfortunately the issue still persists after enabling that setting.

robertkibet · January 20, 2023, 2:24pm

somehow it is working well now. I added oauth2 email verified rule and its now working. Interesting.