Easy, configurable Discourse SSO: GET api/auth/login -> recieve a JWT with user data. Allows using Discord as your SSO provider to authenticate users into your own websites.
Based on the official implementation, written in ASP.NET Core, but you needn't touch the code, everything is setup using configuration. This means you can use this regardless of your tech stack.
Using this will allow you to share your discourse userbase with your websites!
- Build the project for your target OS (probably ubuntu)
- Add your configuration to
appsettings.json - In your Discourse app, go to settings -> login -> and set
enable sso providerto true, also enter thesso secret - That's it! Perform
GET api/auth/loginto get a JWT contining user data! (the user will be prompted to log in if not already logged in)
Ideally your JS client would make that request then store the JWT and use it in the authorization header when querying your APIs, once the JWT experies it would make that request again to get another JWT and so on.
The configuration is located in the file appsettings.json, resembling:
{
"DiscourseSso": {
"SsoSecret": "Xmp4wB6aMULmujXd", // sso secret you setup in Discourse settings
"DiscourseRootUrl": "http://community.example.com" // your discourse site URL without the trailing backslash at end
},
"Jwt": {
"SecretKey": "Xmp4wB6aMULmujXd", // key used to sign the JWT (the one your APIs will use to validate it)
"Issuer": "DiscourseSso", // "iss" claim in JWT
"Expiry": "", // "exp" claim in JWT, if empty will default to 30 days
"Audience": "DefaultAud" // "aud" claim in JWT
}
}
The JWT that you'll receive will look like this:
{
"sub": "1",
"iss": "DiscourseSso",
"iat": 1485393544,
"exp": 1487985544,
"aud": "DefaultAud",
"name": "UserName+LastName",
"username": "user",
"email": "user@example.com",
"external_id": "1",
"admin": "true",
"moderator": "false"
}
The sub claim is equivalent to external_id.