@EGreg

EGreg/SSO.php Secret

Created August 11, 2022 21:41
Here is some PHP code and you'd do similar for iOS and Android. Remember to intercept the URL request in WebView!
<?php
include('../Q.inc.php');

/**
 * Discourse SSO provider endpoint: verifies the signed request sent by
 * Discourse, then redirects back to it with a signed user payload.
 */
function SSO($params = array()) {
    $params = array_merge($_REQUEST, $params);
    $sso = Q::ifset($params, 'sso', null);
    $sig = Q::ifset($params, 'sig', null);
    // The shared secret is read from config only; it is not hard-coded here,
    // so the "config is required" check below can actually fire.
    $secret = Q_Config::get("Communities", "Discourse", "SSO", "secret", null);
    $step = Q::ifset($params, 'step', null);

    if (is_null($sso)) {
        die("SSO is required");
        //throw new Q_Exception("SSO is required");
    }
    if (is_null($sig)) {
        die("SIG is required");
        //throw new Q_Exception("SIG is required");
    }
    if (is_null($secret)) {
        die("Communities.Discourse.SSO.secret config is required");
        //throw new Q_Exception("Communities.Discourse.SSO.secret config is required");
    }

    // Verify the HMAC before trusting anything inside the payload.
    // hash_equals() compares in constant time and, unlike !=, does no
    // type juggling on hex strings that look numeric.
    if (!is_string($sso) || !is_string($sig)
    || !hash_equals(hash_hmac('sha256', $sso, $secret), $sig)) {
        die("Wrong signature");
        //throw new Q_Exception("Wrong signature");
    }

    // $_REQUEST has already URL-decoded 'sso', and parse_str() URL-decodes
    // each value, so an extra urldecode() here would decode the payload twice.
    $decodedSSO = base64_decode($sso, true);
    if ($decodedSSO === false) {
        die("Invalid SSO payload");
    }
    parse_str($decodedSSO, $ssoVars);
    if (!isset($ssoVars['nonce']) || !isset($ssoVars['return_sso_url'])) {
        die("SSO payload is missing nonce or return_sso_url");
    }
    $nonce = $ssoVars['nonce'];
    // Comes from the signed payload, so it is only used after the check above.
    $returnSsoUrl = $ssoVars['return_sso_url'];

    // $user = Users::loggedInUser();
    if ($step != 'onboarding') {
        /*
        $emailAddress = 'bobsaget@qbix.com';
        $name = 'Bob Saget';
        $username = 'BobbySaget2';
        $avatarUrl = 'https://variety.com/wp-content/uploads/2022/01/Bob-Saget-14-1.jpg?w=681&h=383&crop=1';
        */
        // Hard-coded demo user values.
        $forceUpdate = true;
        $emailAddress = 'mariah@careybaby.com';
        $name = 'Mariah Carey';
        $username = 'Mariah';
        $avatarUrl = 'https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTH8gEwxrzlwR-N4RHRXG70rISK0yneAZ7Me1Io-n5p2aIGqqYZLSKeYRSFHg&s';
        $externalId = $emailAddress;

        // Response payload: echo the nonce back and attach the user fields.
        $urlParams = [
            'nonce' => $nonce,
            'email' => $emailAddress,
            'external_id' => $externalId,
            'name' => $name,
            'username' => $username,
            'avatar_url' => $avatarUrl,
            'avatar_force_update' => $forceUpdate
        ];
        $querystring = http_build_query($urlParams);
        $encodedQS = base64_encode($querystring);
        // Sign the base64 payload with the same shared secret.
        $payloadHash = hash_hmac('sha256', $encodedQS, $secret);
        $returnParams = http_build_query([
            'sso' => $encodedQS,
            'sig' => $payloadHash
        ]);
        $returnFullUrl = $returnSsoUrl . '?' . $returnParams;
        header("Location: " . $returnFullUrl);
        exit;
    }

    Q_Response::addScript('{{Communities}}/js/pages/discourseSso.js');
    return Q_Response::layoutView('Communities/content/discourseSso.php');
    //return Q::view("Communities/content/discourseSso.php");
}

SSO();