I have been working to create authentication for my 3rd party application using Discourse as a SSO provider.
This means I get a response from discourse, to my web app containing the discourse user. Everything works flawlessly until I remind myself that I need to store the user with a token to keep my user logged in. I do not receive a token from the discourse server, which brings me to the following question.
How do I store my user in a secure way after I verify that the nonce I sent over with my payload and the nonce I receive corresponds to one another?
The data I am retrieving from the authenticated user is the following:
If I am displaying ignorance on this topic then feel free to enlighten me.