I’m still reading through old threads on using WP SSO, but I was curious if sharing our roadmap might surface any advice. Are there things we should look out for? Things we should avoid?
Our Stack:
WordPress (foundation)
MemberPress (manages user accounts)
LearnDash (LMS, course creation)
Discourse (private, member community)
Our Desired Onboarding Experience:
Visitor arrives on our WP site (content marketing) & converts to paid member.
– We’re thinking about a 24-hour free trial (w/ auto-conversion).
TL0 gets read-only access to the bulk of the categories.
TL0-1 promotion requires 5 minutes posting an introduction.
After 24hrs, member’s card is charged, membership is official, auto-promoted to TL1.
WP SSO would manage accounts so that only paid/current members have access to both community and LMS content.
I’m curious if there’s either a simpler or better way to do this. Reducing new member friction is important, but so is ensuring longterm scalability, ya know?
From your onboarding list, it looks like you are hoping to override the Discourse trust level system. I think a better approach would be to use Discourse group membership to control access to your site’s content. For details about how this works, see How to use category security settings to control access to content.
The WP Discourse plugin has a couple of functions that you can use to add and remove users from groups. Details are in this topic: Managing Discourse group membership with WP Discourse. That topic uses the PaidMembershipsPro plugin as an example, but the same idea should work with MemberPress.
Those threads were helpful. I’ve got WP Discourse installed and connected to Discourse. I might even have some new (better) ideas for our onboarding experience. Thank you, @simon!
I stopped short of making any SSO decisions, though. Afraid the more I read about these, the more my brain goes in circles and I get dizzy. Could I trouble you for a bit more advice on this front?
Given: WordPress & MemberPress + Discourse + LearnDash… and wanting to pay gate everything that isn’t a blog post…
If Discourse is SSO CLIENT, we’d use MemberPress to manage accounts in WordPress and access to LearnDash courses. This was how we approached things from the start, so it inherently makes sense, if not from a place of implementation/scalability best practices.
If Discourse is SSO PROVIDER, we’d need to source and implement a paygate on the Discourse side (none of which I’ve seen so far instill much confidence, to be honest). If we could dump MemberPress on the WP side, it might be worth the switch, but I’m not sure how this would work with wanting synced users in WP accessing LMS content at special, member-prices, while the general public was presented full retail.
Does this make sense? Tried to make this clear, but I’m getting a bit turned around.
I feel like one email to Jay would handle this, but every dollar spent on dev is a dollar we don’t have for the rest of our startup plans. (Feels more and more like we should defer to Jay.)
Un desarrollo interesante en esta pila/front. @simon, me gustaría saber tu opinión.
MemberPress gestiona las membresías y el procesamiento de pagos. Es bastante sencillo.
MemberPress está diseñado para gestionar el acceso a contenido local de WordPress.
MemberPress no tiene autoridad para limitar el acceso a Discourse mediante SSO.
Lo que he descubierto es que, cuando se rechaza la tarjeta de crédito de alguien, se suspende su membresía, pero como aún pueden iniciar sesión en WordPress, mantienen el acceso a Discourse a través de SSO.
¿Cuánto trabajo sería hacer que el plugin de SSO tenga en cuenta el estado de la membresía (de MemberPress) antes de permitir que alguien inicie sesión en Discourse?
Siento que la forma en que hemos integrado las cosas hasta ahora es rentable y lo suficientemente sencilla que, si el plugin de SSO manejara esto, estaríamos cubiertos por el futuro previsible, pero también siento que este camino también conduce a un trabajo de desarrollo personalizado de alto nivel.
Cuanto más podamos mantener las cosas cerca de Discourse estándar, mejor estaremos, en mi opinión.
Gracias de nuevo por el consejo. Perdona la interrupción, Simon.
Si puedes averiguar cómo determina MemberPress qué usuarios deben tener acceso al contenido protegido en WordPress, entonces los mismos datos pueden usarse para restringir los inicios de sesión SSO en Discourse. Para ello, deberás agregar una declaración condicional a las dos funciones en la segunda publicación de este tema: Cómo evitar que algunos usuarios de WP puedan iniciar sesión en Discourse. La declaración condicional debe devolver true si la cuenta del usuario ha sido suspendida.
Lo que deseas lograr es factible, pero es posible que necesites ayuda de un desarrollador de WordPress para determinar qué incluir en la declaración condicional de las dos funciones que enlucé.
