Wordpress SSO closing site

Hi there,

I am working with someone to move their site off of wordpress and they are currently utilizing the wordpress SSO feature for their discourse forum.

Is there any way to keep the users and allow them to log in once the wordpress site is no longer live? Is this something that has to be done before the site goes down?

If we close the site and the users try to reset their password, will that allow them to then log in?

Our migratepassword plugin (here) supports Wordpress hashes.

You could do the following:

  • export the encrypted Wordpress password hashes together with the user ID’s
  • lookup the associated Discourse user (matching the Wordpress ID with the Discourse external SSO ID)
  • add the encrypted password hash as a user custom field called import_pass
  • install the plugin
  • :partying_face: enjoy your users logging in with their existing email/pass combination

Thanks @RGJ! excuse my unfamiliarity here – the WP password hashes will be in the WP DB I’m assuming? there isn’t anything related to this stored in the discourse DB for this login flow?

I’m probably not going to be doing this in discourse itself, so the hashes would just be an additional column in the user table for discourse (column title import_pass)? And then once the plugin migratepassword is installed, it will just work with that column/data there?

Yes, user_pass in the users table.

There is an external_id stored in Discourse, which can be associated with the Wordpress user ID.
Table: single_sign_on_records, columns: user_id and external_user_id.

Almost. Would be additional records in a table (user_custom_fields) associated with the users (user_custom_fields.user_id = user.id) and user_custom_fields.name='import_pass'.


1 Like