When using the create user API call with Google Sign-In, what should the password field be when sending the POST command? The Google Sign-In doesn’t actually return a password, so what should be used?
Nobody has any ideas?
Are you using user login and registration in a seperate app? If yes then you must use SSO instead of creating users via API.
Once the user is created by my external site, how does that user then get added to the discourse database? How does a key get created for that user, so they can post things to the site?
Just to keep all the discussion in one place, I’m replying to your message here.
If you use your master api_key in your android app then you have serious security issue. Developers can decrypt your app and can get api key easily.
Firebase will return
IdToken on successful login. You should send this to your server and validate it using one of the methods in Verify ID Tokens | Firebase. If it successful you can generate user api_key on server itself and send to android client.
Also you can store the
user api_key (not master api_key) on Firebase behind auth rules and retrieve anytime.
If I don’t use Firebase, but use the normal Discourse auth, what is the normal API flow for creating a user and then having that user login?
How long do the user API keys last? Do they expire?
Also, if I allow Google and Facebook logins, how are those users created in the Discourse server using API calls?
The CURL for creating a user indicates that an api_key and api_username are required. What are those if a user is trying to create a new account and they don’t have a key or username?
curl -X POST --data "firstname.lastname@example.org&password=P@ssword&active=true" http://localhost:3000/users?api_key=test_d7fd0429940&api_username=test_user
Like I already told SSO is the best option even if you have Google, Facebook logins in original website.
For Android app
Simple solution is buy hosting at discourse.org. Discourse already have open source android which is currently work only their customers.
Else you have to autorize Discourse instance from android like how they did in their official app. Stll you may use SSO in this case.
I think since it is little advanced concept, if you want more help then you have to post a job in #marketplace. Then myself or someone else will help you to find alternative solution.