
How to perform SSO using Discourse and Auth0?

I am trying to perform SSO using Auth0 for WordPress and Discourse from my own application. The flow is mentioned below.

Image added here (low on rep), so I can't post it.

The user enters the user name and password in the application, and the details are sent to the server, which authenticates the user with the Auth0 API and sends back the token.

I have installed the Auth0 SSO plugin from GitHub in Discourse, and the client ID and client secret are added to the plugin.

I want to know how to perform SSO in the case of Discourse when I have logged into my application.

For WordPress we are using the following method.

<form *ngIf="userService.isAuthenticated()" ngNoForm action="http://xx.xx.xx.xx/index.php?auth0=implicit&client_id=xxxxxxxxxxxxxxxxxxxxxxxxx&connection=xxxxxxxxxx"
    method="post">
    <input class="hidden" type="text" id="token" name="token" value="{{tokenValueIsHereReturnedbyAuth0Authentication}}" />
    <input class="hidden" type="text" id="redirect_to" name="redirect_to" value="http://xx.xx.xx.xx/index.html" />
    <input class="btn btn-primary pull-right" type="submit" value="View" />
</form>

So how do I do a similar thing in Discourse?

I have tried the following:

  1. https://meta.discourse.org/t/official-single-sign-on-for-discourse/13045?u=deanmarktaylor

However, I could not complete that, as I do not know what, in

https://somesite.com/sso?sso=PAYLOAD&sig=SIG

PAYLOAD and SIG are.

Update:

The payload, I think: what Auth0 gave me as access_token is the payload, which is encoded as Base64 (using: base64encode dot org), and SIG is an HMAC-SHA256 hash of the payload using sso_secret as the key and the Base64-encoded payload (freeformatter dot com slash hmac-generator).

Please check out my blog post about how to integrate a seamless SSO using Auth0 with Discourse.

You will basically need to set up a new Auth0 Rule that uses an already developed library that supports Discourse's way of signing requests. Using your Client ID and Client Secret, copy and paste the code for that rule and bring a better way to handle SSO without using any extra plugin. Nice and easy :)

https://medium.com/leog-s-blog/discourse-sso-with-auth0-e49486d0294a
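An added example, not taken from the question, the answer or the linked blog post: the provider side of the Discourse SSO exchange described in the official Discourse topic linked in the question, showing what PAYLOAD and SIG contain in each direction. The function names, the sample user and the secret are assumptions made for illustration; Node.js is used because Auth0 Rules are JavaScript.

```javascript
const crypto = require("node:crypto");

// SIG is the hex HMAC-SHA256 of the Base64 PAYLOAD string, keyed with sso_secret.
function sign(payloadB64, ssoSecret) {
  return crypto.createHmac("sha256", ssoSecret).update(payloadB64).digest("hex");
}

// Constant-time signature check; malformed hex decodes short and is rejected.
function verifySig(payloadB64, sigHex, ssoSecret) {
  const expected = Buffer.from(sign(payloadB64, ssoSecret), "hex");
  const given = Buffer.from(String(sigHex), "hex");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Step 1: Discourse redirects the browser to the provider with ?sso=PAYLOAD&sig=SIG.
// PAYLOAD is Base64 of "nonce=...&return_sso_url=...". Verify before decoding.
function readDiscourseRequest(sso, sig, ssoSecret) {
  if (!verifySig(sso, sig, ssoSecret)) throw new Error("bad signature on sso payload");
  const params = new URLSearchParams(Buffer.from(sso, "base64").toString("utf8"));
  const nonce = params.get("nonce");
  const returnUrl = params.get("return_sso_url");
  if (!nonce || !returnUrl) throw new Error("payload lacks nonce or return_sso_url");
  return { nonce, returnUrl };
}

// Step 2: after the user is authenticated (for example by Auth0), answer with a
// new payload that echoes the nonce and names the user, signed the same way.
function buildLoginRedirect(req, user, ssoSecret) {
  const fields = new URLSearchParams({
    nonce: req.nonce,        // must be the nonce Discourse sent
    external_id: user.id,    // stable unique id in the provider's user store
    email: user.email,       // must be an address the provider has verified
  });
  const payload = Buffer.from(fields.toString(), "utf8").toString("base64");
  const url = new URL(req.returnUrl);
  url.searchParams.set("sso", payload); // URL-encodes '+', '/' and '='
  url.searchParams.set("sig", sign(payload, ssoSecret));
  return url.toString();
}

// Constructed sample values, not real credentials or hosts.
function demo() {
  const secret = "constructed-sso-secret";
  const raw = "nonce=n0nce123&return_sso_url=https%3A%2F%2Fforum.example%2Fsession%2Fsso_login";
  const sso = Buffer.from(raw, "utf8").toString("base64");
  const req = readDiscourseRequest(sso, sign(sso, secret), secret);
  return buildLoginRedirect(req, { id: "42", email: "user@example.com" }, secret);
}
```

The secret never leaves the server: the browser only carries the signed payload, so signing has to happen in backend code or an Auth0 Rule rather than in an online Base64 or HMAC tool.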
