Miscellaneous utility extensions to Discourse to enable Debt Collective features

debtcollective/discourse-debtcollective-sso

discourse-debtcollective-sso

This plugin implements our flavor of SSO for Discourse. We use cookie-based authentication across subdomains instead of creating sessions between apps. This provides a better experience and fixes authentication sessions falling out of sync between Discourse and other apps.

We are keeping the code from the Discourse SSO provider alongside our extensions for backwards compatibility with our current tools application. We should remove it once we phase out our current tools.

Usage

This plugin exposes two endpoints:

  1. GET /session/sso_cookies?return_url=example.com used for login
  2. GET /session/sso_cookies/signup?return_url=example.com used for signup

return_url is a required param. If it's missing, the endpoint returns 400.

To log in or sign up, other applications redirect to one of these endpoints. Once the login or signup is completed, Discourse redirects back to return_url with the SSO cookie set. Other applications on the same domain then read the SSO cookie, which contains a JWT with the user information.

In development, you will need to run the Discourse server with some special configuration:

env DISCOURSE_ENABLE_CORS=true DISCOURSE_DEV_HOSTS=lvh.me DISCOURSE_SSO_JWT_SECRET=jwt-secret rails s

  • DISCOURSE_ENABLE_CORS=true allows other apps to make CORS requests to Discourse. We use this to be able to log users out from other apps
  • DISCOURSE_DEV_HOSTS=lvh.me uses a custom domain to make cookies work. lvh.me redirects all traffic to 127.0.0.1
  • DISCOURSE_SSO_JWT_SECRET=jwt-secret is the encryption key for the JWT cookie. Use the same value between applications

In environments other than development, these variables will be set in the configuration file.
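
The consuming application's side of the flow described under Usage, as an added example that is not part of this plugin's code: it verifies the JWT read from the SSO cookie with the shared DISCOURSE_SSO_JWT_SECRET before trusting any user information. It assumes the token is HS256-signed (the README does not name the algorithm) and that the claims are called username and exp; the function names are hypothetical.

```ruby
require "openssl"
require "base64"
require "json"

class InvalidToken < StandardError; end

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def hs256(signing_input, secret)
  b64url(OpenSSL::HMAC.digest("SHA256", secret, signing_input))
end

# Demo helper only: in the real flow Discourse issues the cookie.
def issue_token(claims, secret)
  input = [{ alg: "HS256", typ: "JWT" }, claims].map { |part| b64url(JSON.generate(part)) }.join(".")
  "#{input}.#{hs256(input, secret)}"
end

# Returns the claims hash or raises InvalidToken.
def verify_sso_cookie(token, secret, now: Time.now.to_i)
  header_b64, payload_b64, signature = token.to_s.split(".", -1)
  raise InvalidToken, "malformed" unless signature && token.to_s.count(".") == 2
  header = JSON.parse(Base64.urlsafe_decode64(header_b64))
  # Pin the algorithm; never let the token pick it (rejects "none").
  raise InvalidToken, "unexpected alg" unless header.is_a?(Hash) && header["alg"] == "HS256"
  # Check the MAC in constant time before trusting any payload byte.
  expected = hs256("#{header_b64}.#{payload_b64}", secret)
  raise InvalidToken, "bad signature" unless OpenSSL.secure_compare(expected, signature)
  claims = JSON.parse(Base64.urlsafe_decode64(payload_b64))
  raise InvalidToken, "malformed" unless claims.is_a?(Hash)
  # Assumption: expiry, when present, is a numeric "exp" claim.
  raise InvalidToken, "expired" if claims.key?("exp") && claims["exp"].to_i <= now
  claims
rescue JSON::ParserError, ArgumentError
  raise InvalidToken, "malformed"
end

if __FILE__ == $PROGRAM_NAME
  secret = ENV.fetch("DISCOURSE_SSO_JWT_SECRET", "jwt-secret") # dev value from the README
  cookie = issue_token({ "username" => "sample_user", "exp" => Time.now.to_i + 300 }, secret) # constructed
  puts verify_sso_cookie(cookie, secret).inspect
end
```

Because every application on the domain shares the same secret, any of them can mint a token the others will accept, so the secret needs the same protection everywhere it is deployed.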

Rebuilding assets on the server

There are cases where you want to restart the server in order to see changes. To do this you need to:

  1. Get inside the server.
  2. Go to the discourse folder. cd /opt/discourse
  3. Get into the Discourse docker container. ./launcher enter web
  4. Stop unicorn. sv stop unicorn
  5. Compile new assets. su discourse -c 'bundle exec rake assets:precompile'
  6. Upload assets to S3. bundle exec rake s3:upload_assets
  7. Start unicorn. sv start unicorn
