DEPRECATED

Please note that this plugin is no longer officially supported. We recommend using the official Discourse OAuth2 plugin instead.

Discourse + Auth0

This is a Discourse plugin to do Single Sign On using Auth0.

Demo: https://auth0.com/forum/

What do I get by using Auth0?

• Support for Active Directory / LDAP (see animated gif)
  • No matter if Discourse is on the cloud or on-prem, it will work transparently
  • Support for Kerberos too (configured by IP ranges)
• Support for other enterprise logins like SAML Protocol, Windows Azure AD, Google Apps, Salesforce, etc. All supported here: https://docs.auth0.com/identityproviders.
• Support for social providers without having to add OmniAuth strategies by hand. Just turn on/off social providers (see animated gif)
• Support for Single Sign On with other Discourse instances and any other application in your account (see animated gif.

Installation

• Create an account on Auth0 and open the application settings.

• Install Discourse. You can use this guide to install Discourse on any platform

• Edit your containers/app.yml to include this under hooks > after_code > exec > cmd:

   - git clone https://github.com/auth0/discourse-plugin.git auth0
  

• Follow the rest of the tutorial

• Login as an administrator using a discourse account (not auth0 yet)

• Configure your settings as shown in this image

̇

Enjoy!

Email verification

In order to login to discourse the email of the user should be verified either at the Auth0 service level or in Discourse itself.

Some Social Providers already verify the email but others not. If the user hasn't verified the email it will receive two emails the first one from Auth0 and the second one from Discourse. This can be confusing for the end-user, a simple fix is to only allow verified users to sign in to Discourse by using an Auth0 Rule like this:

function (user, context, callback) {
  if (!user.email_verified && context.clientID === 'introduce-discourse-client-id') {
    return callback(new UnauthorizedError('Please verify your email and sign in again.'));
  }
  return callback(null, user, context);
}

---

Adding Active Directory / LDAP

Adding Social Providers

Single Sign On Between multiple Discourse forums

Single Sign On with Windows Authentication

Using Discourse Login Dialog instead of Auth0

You can keep using Discourse Login dialog and integrate only a specific connection from Auth0. It will show up as another button like the social providers.

Go to admin site settings for Auth0 and change the auth0_connection with the connection name you want to use from Auth0.

Give admin rights to an email

$ RAILS_ENV=production bundle exec rails c
$ u = User.find_by_email('the-email-you-want-to-make-admin@whatever.com')
$ u.admin = true
$ u.save!

What is Auth0?

Auth0 helps you to:

• Add authentication with multiple authentication sources, either social like Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce, amont others, or enterprise identity systems like Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider.
• Add authentication through more traditional username/password databases.
• Add support for linking different user accounts with the same user.
• Support for generating signed Json Web Tokens to call your APIs and flow the user identity securely.
• Analytics of how, when and where users are logging in.
• Pull data from other sources and add it to the user profile, through JavaScript rules.

Create a free Auth0 Account

1. Go to Auth0 and click Sign Up.
2. Use Google, GitHub or Microsoft Account to login.

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Author

Auth0

License

This project is licensed under the MIT license. See the LICENSE file for more info.