Skip to content

Instantly share code, notes, and snippets.

Last active July 15, 2022 11:54
  • Star 13 You must be signed in to star a gist
  • Fork 6 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Discourse sso provider login
require('mysql.php'); // see
$me = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'];
$discourse_url = '';
if(!empty($_GET) and isset($_GET['sso'])){
$login = get_key('login');
header("location: $me");
$sso = $_GET['sso'];
$sig = $_GET['sig'];
// validate sso
if(hash_hmac('sha256', urldecode($sso), $sso_secret) !== $sig){
header("HTTP/1.1 404 Not Found");
$sso = urldecode($sso);
$query = array();
parse_str(base64_decode($sso), $query);
// verify nonce with generated nonce
$nonce = get_key('nonce'); // pretend that get_key is a function that get a value from a database by key
if($query['nonce'] != $nonce){
header("HTTP/1.1 404 Not Found");
// login user
set_key('login', $query);
header("Access-Control-Allow-Origin: *");
$info = '';
// user is logged on
$login = get_key('login');
print "<pre>";
$info ="if you click this a second time, you will be redirected here<br>";
$nonce = hash('sha512', mt_rand());
set_key('nonce', $nonce); // pretend that set_key is a function that saves key value data in a database
$payload = base64_encode( http_build_query( array (
'nonce' => $nonce,
'return_sso_url' => $me
) );
$request = array(
'sso' => $payload,
'sig' => hash_hmac('sha256', $payload, $sso_secret )
$query = http_build_query($request);
print "$info
<a href='$discourse_url/session/sso_provider?$query'>sign in with discourse</a><pre>
Copy link

flesser commented Oct 7, 2017

Interessant wäre evtl. auch, Discourse als zentralen Provider zu nehmen und dann per für alle anderen Dienste ein Plugin o.ä. zu stricken, das dagegen authentifiziert.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment