Nice work in figuring that out
I don’t want to detract from the work you’ve done, but my first take on this is that you should consider using an external auth service (such as okta.com or auth0.com) at this point. Whenever you reach the point of connecting three different services (e.g. Patreon, Wordpress and Discourse) to achieve a single authentication in one go, it’s a sign you should be considering a dedicated authentication solution. Whether or not you can achieve it somehow, there’s a decent long-tail risk here that your solution will break down, or not work in all cases.
If you still want to go down this path, I have some suggestions, but fair warning that this is going to get a bit technical. I’m partly adding these here in case anyone else comes across this and wants to take this further.
I took a quick look at the Patreon Wordpress Plugin code and it looks like their OAuth flow accepts a final_redirect_uri
key/value in the state
param which would allow you to go directly from Patreon authentication to Discourse SSO, removing the need for both the Members and Redirect plugins mentioned above, and eliding any issues that may arise with that approach.
Many authentication services have a version of the final_redirect_uri
parameter, i.e. a parameter which will allow you to change where the user is sent after authentication. If you’re reading this because you’re trying to solve the same problem, but with a different service (i.e other than Patreon), and you’ve also decided that my warning against connecting 3 different services doesn’t apply, then that is where you should look.
That means you’d want the shortcode that generates the Patreon login button to accept a final_redirect_uri
as an argument, which would then be passed down to the eventual login url used by Patreon. Looking at the Patreon Wordpress Plugin code, that’s a feasible proposition. To give you a sense, the relevant function that generates the Patreon url looks like this:
Patreon_Frontend::patreonMakeLoginLink(false, array( 'final_redirect_uri' => # ) );
Basically, the code is already partially set up to handle a custom final_redirect_uri
. I can understand why the Patreon Wordpress Plugin developers might not want to add it, but if you feel you’re confident enough with describing what I’ve described here, it might be worth creating an issue on their github repostiory. Failing that, you can use that function I’ve referenced above to generate a link yourself and create your own button (or hire a Wordpress developer to do that).
Just a minor note on the sso url construction, it’s a bit clearer to use
https://discourse.example.com/session/sso?return_path=/
instead of
https://discourse.example.com/session/sso?return_path=%2F
That last bit, the return_path
, is the path the user is being sent to in Discourse after login. If it’s /
they’ll be sent to the forum homepage. For more on SSO url construction, see WP Discourse Tips and Tricks.