Last active
August 29, 2022 16:00
Auth0-Discourse SSO Rule
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
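function (user, context, callback) {
  // Auth0 Rule acting as the SSO provider endpoint for Discourse: when the
  // login request carries a Discourse SSO payload with a valid signature,
  // build the signed response and redirect the browser back to Discourse.
  //
  // user     - Auth0 user profile; user_id, email, nickname and email_verified are read
  // context  - Auth0 login context; clientID, clientMetadata.sso_secret and request.query are read
  // callback - Auth0 continuation: callback(null, user, context) to proceed, callback(err) to fail
  //
  // "CLIENT_ID" and "DISCOURSE_URL" are placeholders to replace with real values.

  // Only the Auth0 client that fronts Discourse is handled; others pass through untouched.
  if (context.clientID !== "CLIENT_ID") {
    return callback(null, user, context);
  }

  var query = (context.request && context.request.query) || {};
  var payload = query.sso;
  var signature = query.sig;

  // A login that did not start at Discourse has no sso/sig pair, and a repeated
  // parameter may not arrive as a plain string (depends on the query parser;
  // confirm). Only plain strings are handed to the HMAC check.
  if (typeof payload !== "string" || typeof signature !== "string") {
    return callback(null, user, context);
  }

  try {
    // Discourse's SSO requirements are implemented by the discourse-sso package, see
    // https://meta.discourse.org/t/official-single-sign-on-for-discourse-sso/13045#heading--implement
    var discourse_sso = require('discourse-sso');

    // The shared secret is read from the client's metadata rather than written inline.
    // NOTE(review): client metadata is not a secret store, and anything able to read the
    // client's settings can presumably read it too; confirm who has that access, or keep
    // the secret in the rule settings (`configuration`) instead.
    var sso = new discourse_sso(context.clientMetadata.sso_secret);

    // The payload is trusted only after its signature verifies against sso_secret.
    // When it does not verify, no redirect is set and the login completes normally.
    // NOTE(review): consider logging that case so tampered or mis-keyed requests are visible.
    if (sso.validate(payload, signature)) {
      // The nonce comes from the verified payload and ties the response to this request.
      var nonce = sso.getNonce(payload);

      var userparams = {
        // Required, will throw exception otherwise
        "nonce": nonce,
        "external_id": user.user_id,
        "email": user.email,
        // Optional
        "username": user.nickname,
        // An address Auth0 has not verified must not be taken as proven by Discourse;
        // require_activation asks Discourse to confirm it before activating the account.
        "require_activation": !user.email_verified,
        "suppress_welcome_message": true
      };

      var q = sso.buildLoginString(userparams);
      context.redirect = {
        url: "DISCOURSE_URL/session/sso_login?" + q
      };
    }
  } catch (err) {
    // A missing secret or missing required field (e.g. a profile without an email)
    // fails the login through the callback instead of escaping as an uncaught exception.
    return callback(err);
  }

  return callback(null, user, context);
}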
This is great! I've rewritten it slightly to work with Auth0's newer Actions based approach, rather than their older 'rules' where it's an action in the login flow: https://gist.github.com/MGough/2100b56232fe4159ffcaadabfe4c38b8