Auth0-Discourse SSO Rule

rule.js

function (user, context, callback) {
  // Check whether the Auth0 client is the one we want to apply this rule to
  if(context.clientID === "CLIENT_ID") {
    
    // Check out Discourse's SSO implementation requirements already in discourse-sso package
    // at https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045#heading--implement
    var discourse_sso = require('discourse-sso');
    
    // Setup sso_secret variable on your client variables on Auth0 so you don't need to have it inline in your code
    var sso = new discourse_sso(context.clientMetadata.sso_secret);
    
    // Validate the query payload with its signature (it uses the sso_secret passed to the discourse_sso instance)
    if(sso.validate(context.request.query.sso, context.request.query.sig)) {
      
      // Extract nonce information 
      var nonce = sso.getNonce(context.request.query.sso);
      
      var userparams = {
        // Required, will throw exception otherwise 
        "nonce": nonce,
        "external_id": user.user_id,
        "email": user.email,
        // Optional
        "username": user.nickname,
        "require_activation": !user.email_verified,
        "suppress_welcome_message": true
      };
    
      var q = sso.buildLoginString(userparams);
    
      context.redirect = {
          url: "DISCOURSE_URL/session/sso_login?" + q
      };
    }
  }
  
  callback(null, user, context);
}

This is great! I've rewritten it slightly to work with Auth0's newer Actions based approach, rather than their older 'rules' where it's an action in the login flow: https://gist.github.com/MGough/2100b56232fe4159ffcaadabfe4c38b8

Thanks @MGough. Left a minor suggestion in your gist.