So you want to use Discourse as an SSO provider for your own web app? Great! Let’s get started.
Enable SSO provider setting
Under Discourse admin site settings (/admin/site_settings), enable the setting enable sso provider and set sso secret to a secret string (used as the HMAC key that signs SSO payloads).
Implement SSO in your web app:
Generate a random nonce. Save it temporarily so that you can verify it against the nonce value returned later.
Create a new payload with the nonce and the return URL (where Discourse will redirect the user after verification). Payload should look like:
Base64 encode the above raw payload. Let’s call this payload BASE64_PAYLOAD.
URL encode the above BASE64_PAYLOAD. Let’s call this payload as
Generate an HMAC-SHA256 signature from BASE64_PAYLOAD using your sso_secret as the key, then create a hex string from this. Let’s call this signature as
Send auth request to Discourse
Redirect the user to
Get response from Discourse:
If the above steps are done correctly, Discourse will redirect the logged-in user to the provided RETURN_URL. You will get query string parameters with sso along with some user info. Now follow the steps below:
Compute the HMAC-SHA256 of sso using sso_secret as your key.
Convert sig from its hex string representation back into bytes.
Make sure the above two values are equal.
Base64 decode sso; you’ll get the embedded query string that was passed. This will have a key called nonce whose value should match the nonce passed originally. Make sure that this is the case.
You’ll find this query string also contains a bunch of user information; use it as you see fit.
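The response checks above, as an added Python example (not code from the original post or from Discourse). It assumes sso and sig have already been URL-decoded by your web framework and that issued nonces are kept in a set; make_sample_response and its username field are constructed sample data.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode


class SSOError(Exception):
    """The sso/sig pair failed validation and must be rejected."""


def sign(sso_secret: bytes, payload: str) -> str:
    """Hex-encoded HMAC-SHA256 of payload, keyed with sso_secret."""
    return hmac.new(sso_secret, payload.encode(), hashlib.sha256).hexdigest()


def verify_response(sso_secret: bytes, sso: str, sig: str, pending: set) -> dict:
    """Check sso and sig (already URL-decoded) and return the embedded fields.

    pending holds nonces this app issued that have not been redeemed yet.
    """
    expected = hmac.new(sso_secret, sso.encode(), hashlib.sha256).digest()
    try:
        received = bytes.fromhex(sig)
    except ValueError:
        raise SSOError("sig is not valid hex") from None
    # Constant-time comparison; nothing inside sso is trusted before it passes.
    if not hmac.compare_digest(expected, received):
        raise SSOError("signature mismatch")
    try:
        query = base64.b64decode(sso).decode("utf-8")
    except ValueError:
        raise SSOError("sso is not valid Base64 text") from None
    fields = {key: values[0] for key, values in parse_qs(query).items()}
    nonce = fields.get("nonce")
    if nonce not in pending:
        raise SSOError("unknown or already used nonce")
    pending.discard(nonce)  # single use, so a replayed response is rejected
    return fields


def make_sample_response(sso_secret: bytes, nonce: str) -> tuple:
    """Constructed stand-in for the redirect parameters (sample user fields)."""
    raw = urlencode({"nonce": nonce, "username": "alice"})
    sso = base64.b64encode(raw.encode()).decode()
    return sso, sign(sso_secret, sso)
```

Removing the nonce from the pending set once it has been redeemed means a captured redirect URL cannot be replayed to log in a second time.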
That’s it. By now you should have set up your web app to use Discourse as SSO provider!
Discourse official “Using Discourse as SSO provider” implementations:
- An http proxy (using golang) that uses Discourse SSO to authenticate users (only Admins): https://github.com/discourse/discourse-auth-proxy (made by @sam)
Community contributed “Using Discourse as SSO provider” implementations:
- A Go package that implements Discourse as SSO provider: https://github.com/sekhat/godiscuss/blob/master/sso/sso.go (made by @sekhat)
- A PHP script that implements Discourse as SSO provider: https://gist.github.com/paxmanchris/e93018a3e8fbdfced039 (made by @paxmanchris)