This is a Discourse plugin to do Single Sign On using Auth0.
Demo: https://auth0.com/forum/
- Support for Active Directory / LDAP (see animated gif)
- No matter if Discourse is on the cloud or on-prem, it will work transparently
- Support for Kerberos too (configured by IP ranges)
- Support for other enterprise logins like SAML Protocol, Windows Azure AD, Google Apps, Salesforce, etc. All supported here: https://docs.auth0.com/identityproviders.
- Support for social providers without having to add OmniAuth strategies by hand. Just turn on/off social providers (see animated gif)
- Support for Single Sign On with other Discourse instances and any other application in your account (see animated gif.
-
Create an account on Auth0 and open the application settings.
-
Install Discourse. You can use this guide to install Discourse on any platform
-
Edit your
containers/app.yml
to include this underhooks > after_code > exec > cmd
:- git clone https://github.com/quantrocket-llc/auth0-discourse-plugin.git auth0
-
Follow the rest of the tutorial
-
Login as an administrator using a discourse account (not auth0 yet)
-
Configure your settings as shown in this image
Enjoy!
In order to login to discourse the email of the user should be verified either at the Auth0 service level or in Discourse itself.
Some Social Providers already verify the email but others not. If the user hasn't verified the email it will receive two emails the first one from Auth0 and the second one from Discourse. This can be confusing for the end-user, a simple fix is to only allow verified users to sign in to Discourse by using an Auth0 Rule like this:
function (user, context, callback) {
if (!user.email_verified && context.clientID === 'introduce-discourse-client-id') {
return callback(new UnauthorizedError('Please verify your email and sign in again.'));
}
return callback(null, user, context);
}
You can keep using Discourse Login dialog and integrate only a specific connection from Auth0. It will show up as another button like the social providers.
Go to admin site settings for Auth0 and change the auth0_connection
with the connection name you want to use from Auth0.
$ RAILS_ENV=production bundle exec rails c
$ u = User.find_by_email('the-email-you-want-to-make-admin@whatever.com')
$ u.admin = true
$ u.save!
Auth0 helps you to:
- Add authentication with multiple authentication sources, either social like Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce, amont others, or enterprise identity systems like Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider.
- Add authentication through more traditional username/password databases.
- Add support for linking different user accounts with the same user.
- Support for generating signed Json Web Tokens to call your APIs and flow the user identity securely.
- Analytics of how, when and where users are logging in.
- Pull data from other sources and add it to the user profile, through JavaScript rules.
- Go to Auth0 and click Sign Up.
- Use Google, GitHub or Microsoft Account to login.
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
This project is licensed under the MIT license. See the LICENSE file for more info.