Use OAuth Plugin for Auth0 more seamlessly

SSO
1

I am currently trying to bring Auth0 authentication to my Discourse app. I essentially followed the workflow here and I get things running.

However, I am not quite happy with it for several reasons:

  1. After clicking on sign in/up, there is only a button "with Auth0’. I want there Auth0 login/sign up panel the only thing that shows up after clicking sign in/up at the top of the Discourse page.
  2. After authentication with Auth0, people should not have to create a new user, instead it should all be fine because of Auth0.
  3. E-mail authentication should be or should have been handled via Auth0, not via Discourse.
  4. If you already have logged in via Auth0 in that browser, possibly with the same app from Auth0, in another module of our platform, then you should be automatically logged in.
  5. There should still be the possibility to login as the admin user, as this might turn out to be more challenging after implementing point no. 1.

Could you help me to setup everything or at least parts of it?

2

I believe you can check this setting in discourse auth_overrides_email for this.

And you can use this sight setting for this: auth_skip_create_confirm

When signing up via external auth, skip the create account popup. Best used alongside auth_overrides_email, auth_overrides_username and auth_overrides_name.

There is also the auth_immediately setting which might do what you are after as well:

Automatically redirect to the external login system without user interaction. This only takes effect when login_required is true, and there is only one external authentication method

You can visit /u/admin-login to bypass oauth.

3 Likes
3

Many thanks for your input, @blake :slight_smile:

Do you also have some input for the points 1 and 4 or are these more difficult?

4

I think these settings auth_immediatley and auth_skip_create_confirm will address points 1 and 4. Can you enable them and see if it improves things?

5

@blake Many thanks for your input.

I did everything as outlined in the setup page plus your suggestions. However, when I try to login this appears

sign_in
sign_in1358Γ—904 47.6 KB

Whereas at https://community.auth0.com/ this is what shows for trying to login (and is intended for my site as well)

discourse_auth0
discourse_auth0868Γ—1300 50.4 KB

Furthermore, I tried to login with my test e-mail and it still requires e-mail auth despite the e-mail is authenticated at Auth0

email_verification
email_verification1080Γ—348 37.1 KB

Do you know how to change it accordingly?

6

Try disabling the enable local logins settings. This should remove the ability to login leaving your users only the option of logging in with OAuth2.

I would recommend doing this this in a separate browser session though. That way you can revert any changes you make if you have configuration problems without losing the ability to login.

7

Hello @blake
Thanks for the insights. I have made some progress but unfortunately there is still a slight problem with login. Whenever I hit the login button, correct information for the user is fetched from auth0, but discourse still tries to create an account.
I am taken to a Welcome, lets create your account screen with an error that says Primary email has already been taken error.

This is my current config for all the overrides:

Capture
Capture1107Γ—878 28.4 KB

Kindly assist, thanks.

8

Hi Robert!

You can fix this by enabling this setting: oauth2 allow association change

9

Hello @leonardo unfortunately the issue still persists after enabling that setting.

10

somehow it is working well now. I added oauth2 email verified rule and its now working. Interesting.

11

Love this plugin. I notice when I sign out, it does sign me out out Discourse. But when I click sign in… it immediately signs me back in (without going to Auth0). I allowed the logout URI in my Auth0 App, but it looks like https://AUTH0_DOMAIN/v2/logout never gets called from this plugin. Who maintains this? Can this be added?