spinen / laravel-discourse-sso Goto Github PK
View Code? Open in Web Editor NEWIntegrate Discourse SSO into Laravel
Home Page: https://spinen.com
Integrate Discourse SSO into Laravel
Home Page: https://spinen.com
// Check to see if the user has forum access & should be logged in via SSO
'access' => null,
Could you give a brief explanation of what this setting does?
We currently have it set to null
, but SSO from Discourse is working.
Is it to control from our Laravel site whether we want users on an individual basis to have access to Discourse?
Hi there, I have followed the instructions from the README and I'm afraid to say that I can't see the SSO route in the available list of routes - the same issue occurs if I clear the route cache too.
I am trying to install in a Laravel 11 Project with Laravel Jetstream.
After following the guide I get a 404 when attempting to navigate to /discourse/sso
. The artisan route:list
command lists the following:
GET|HEAD / ............................................................... generated::QezdvotXfOs0UY0c
POST _ignition/execute-solution ignition.executeSolution › Spatie\LaravelIgnition › ExecuteSoluti…
GET|HEAD _ignition/health-check ignition.healthCheck › Spatie\LaravelIgnition › HealthCheckController
POST _ignition/update-config ignition.updateConfig › Spatie\LaravelIgnition › UpdateConfigControl…
GET|HEAD api/user ........................................................ generated::cgdtJVmQdhBT5fsn
GET|HEAD dashboard ......................................................................... dashboard
GET|HEAD forgot-password ..... password.request › Laravel\Fortify › PasswordResetLinkController@create
POST forgot-password ........ password.email › Laravel\Fortify › PasswordResetLinkController@store
GET|HEAD livewire/livewire.js generated::GHPOcWxwNwj6TlXw › Livewire\Mechanisms › FrontendAssets@retu…
GET|HEAD livewire/livewire.min.js.map generated::9XHbpXHwm2JZ9I3I › Livewire\Mechanisms › FrontendAss…
GET|HEAD livewire/preview-file/{filename} livewire.preview-file › Livewire\Features › FilePreviewCont…
POST livewire/update ......... livewire.update › Livewire\Mechanisms › HandleRequests@handleUpdate
POST livewire/upload-file . livewire.upload-file › Livewire\Features › FileUploadController@handle
GET|HEAD login ....................... login › Laravel\Fortify › AuthenticatedSessionController@create
POST login .. generated::6LUmjUsTIEjp4m8a › Laravel\Fortify › AuthenticatedSessionController@store
POST logout .................... logout › Laravel\Fortify › AuthenticatedSessionController@destroy
GET|HEAD register ....................... register › Laravel\Fortify › RegisteredUserController@create
POST register ..... generated::LaoFnGgK22srynpP › Laravel\Fortify › RegisteredUserController@store
POST reset-password .............. password.update › Laravel\Fortify › NewPasswordController@store
GET|HEAD reset-password/{token} ...... password.reset › Laravel\Fortify › NewPasswordController@create
GET|HEAD sanctum/csrf-cookie ....... sanctum.csrf-cookie › Laravel\Sanctum › CsrfCookieController@show
GET|HEAD two-factor-challenge two-factor.login › Laravel\Fortify › TwoFactorAuthenticatedSessionContr…
POST two-factor-challenge generated::UNYPJXQyuzFLodV4 › Laravel\Fortify › TwoFactorAuthenticatedS…
GET|HEAD up .............................................................. generated::JBkvPZDfz1FSukoO
GET|HEAD user/confirm-password generated::4UsAH4mCykdiEGdt › Laravel\Fortify › ConfirmablePasswordCon…
POST user/confirm-password password.confirm › Laravel\Fortify › ConfirmablePasswordController@sto…
GET|HEAD user/confirmed-password-status password.confirmation › Laravel\Fortify › ConfirmedPasswordSt…
POST user/confirmed-two-factor-authentication two-factor.confirm › Laravel\Fortify › ConfirmedTwo…
PUT user/password ............ user-password.update › Laravel\Fortify › PasswordController@update
GET|HEAD user/profile .................. profile.show › Laravel\Jetstream › UserProfileController@show
PUT user/profile-information user-profile-information.update › Laravel\Fortify › ProfileInformat…
POST user/two-factor-authentication two-factor.enable › Laravel\Fortify › TwoFactorAuthentication…
DELETE user/two-factor-authentication two-factor.disable › Laravel\Fortify › TwoFactorAuthenticatio…
GET|HEAD user/two-factor-qr-code two-factor.qr-code › Laravel\Fortify › TwoFactorQrCodeController@show
GET|HEAD user/two-factor-recovery-codes two-factor.recovery-codes › Laravel\Fortify › RecoveryCodeCon…
POST user/two-factor-recovery-codes generated::8hvxXJmnC4rvolSR › Laravel\Fortify › RecoveryCodeC…
GET|HEAD user/two-factor-secret-key two-factor.secret-key › Laravel\Fortify › TwoFactorSecretKeyCont
I also see a 404 when attempting to open the Discourse instance after applying the settings to enable SSO. I'm being redirected to http://localhost/discourse/sso?sso=bm9uY2U9ZjI0MmIzZjUzNWNiM2QwN2FhN2ZmYTczZWFmNWZjNmEmcmV0dXJuX3Nzb191cmw9aHR0cCUzQSUyRiUyRmxvY2FsaG9zdCUzQTMwMDAlMkZzZXNzaW9uJTJGc3NvX2xvZ2lu&sig=374fbc2b279cf748779bc9f6bdc2a21f27f6d17b6be9bcff44dcc7e621241862 - the 404 here also suggesting the SSO route has not been registered.
Below is my services config, as far as I can tell I have configured this correctly:
<?php
return [
/*
|--------------------------------------------------------------------------
| Third Party Services
|--------------------------------------------------------------------------
|
| This file is for storing the credentials for third party services such
| as Mailgun, Postmark, AWS and more. This file provides the de facto
| location for this type of information, allowing packages to have
| a conventional file to locate the various service credentials.
|
*/
'postmark' => [
'token' => env('POSTMARK_TOKEN'),
],
'ses' => [
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),
],
'slack' => [
'notifications' => [
'bot_user_oauth_token' => env('SLACK_BOT_USER_OAUTH_TOKEN'),
'channel' => env('SLACK_BOT_USER_DEFAULT_CHANNEL'),
],
],
'discourse' => [
// Middleware for the SSO login route to use
'middleware' => ['web', 'auth'],
// The route's URI that acts as the entry point for Discourse to start the SSO process.
// Used by Discourse to route incoming logins.
'route' => 'discourse/sso',
// Optional domain to link sso route when using SSubdomain Routing
'domain' => null,
// Secret string used to encrypt/decrypt SSO information,
// be sure that it is 10 chars or longer
'secret' => env('DISCOURSE_SECRET'),
// Disable Discourse from sending welcome message
'suppress_welcome_message' => 'true',
// Where the Discourse forum lives
'url' => env('DISCOURSE_URL'),
// Api-specific items
// For logging out of Discourse directly, generate an API key as an "All user key" and put the key & user here.
// @see https://meta.discourse.org/t/how-to-create-an-api-key-on-the-admin-panel/87383
'api' => [
'key' => env('DISCOURSE_API_KEY'),
'user' => env('DISCOURSE_API_USER'),
],
// User-specific items
// NOTE: The 'email' & 'external_id' are the only 2 required fields
'user' => [
// Check to see if the user has forum access & should be logged in via SSO
'access' => null,
// Discourse Groups to make sure that the user is part of in a comma-separated string
// NOTE: Groups cannot have spaces in their names & must already exist in Discourse
'add_groups' => null,
// Boolean for making the user a Discourse admin. Leave null to ignore
'admin' => null,
// Full path to user's avatar image
'avatar_url' => null,
// The avatar is cached, so this triggers an update
'avatar_force_update' => false,
// Content of the user's bio
'bio' => null,
// Verified email address (see "require_activation" if not verified)
'email' => 'email',
// Unique string for the user that will never change
'external_id' => 'id',
// Boolean for making user a Discourse moderator. Leave null to ignore
'moderator' => null,
// Full name on Discourse if the user is new or
// if SiteSetting.sso_overrides_name is set
'name' => 'name',
// Discourse Groups to make sure that the user is *NOT* part of in a comma-separated string.
// NOTE: Groups cannot have spaces in their names & must already exist in Discourse
// There is not a way to specify the exact list of groups that a user is in, so
// you may want to send the inverse of the 'add_groups'
'remove_groups' => null,
// If the email has not been verified, set this to true
'require_activation' => false,
// username on Discourse if the user is new or
// if SiteSetting.sso_overrides_username is set
'username' => 'email',
],
],
];
Based on the README, I'm assuming I don't need to publish anything from the package? I assumed the route would be automatically generated? I couldn't see anything relating to this in an existing issue, but apologies if this has been raised elsewhere and I've missed something.
Hi,
Not a bug, just a question.
We're using subdomain routing in our Laravel application. Our authentication routes are bound to the "account." subdomain.
Accordingly, I'd like to have the sso.login
route bound to this subdomain only. It is currently a global route that you can access from any (sub)domain at discourse/sso
.
Not sure how to accomplish this.
Thank you!
This library works great, thanks!
I saw your TODO:
Am I right in thinking this means syncing logout isn’t supported at all?
I have an existing /logout
that needs to apply to Discourse — so that users can log out app-side.
Any approach recommendations for that?
The Discourse-side logout is easily enough catered for by setting the logout redirect in Discourse, but it looks like Discourse logs out via an auth’d DELETE /*/session
which I get a 403 for currently if I ajax it app-side 😕
Would be good if custom middleware was available for the sso route.
Although I mostly only want to check they're activated so using;
'access' => 'hasVerifiedEmail', // using Laravel's MustVerifyEmail contract.
Will work?
Hello and thanks for this awesome package !
I use the latest version of laravel and discourse
My config is set like this :
'add_groups' => 'discourse_groups'
I've add a getDiscourseGroupsAttribute()
method on my user model and it seems to be working
Using tinker I confirm having these results
>>> User::find(22)->discourse_groups
=> "manager,parents"
>>> config('services.discourse.user.add_groups')
=> "discourse_groups"
>>>
The Discourse SSO login works fine, but when I inspect the new user in discourse, I check the last payload under SSO informations and I see this:
add_groups=manager%2Cparents
In composer.json
, we're requiring "guzzlehttp/guzzle": "^7.0.1"
per the Laravel 8 dependency upgrade guide and "spinen/laravel-discourse-sso": "^2.5.2"
.
Result of composer update
:
Problem 1
- Can only install one of: guzzlehttp/guzzle[7.0.1, 6.5.x-dev].
- Can only install one of: guzzlehttp/guzzle[7.0.x-dev, 6.5.x-dev].
- Can only install one of: guzzlehttp/guzzle[7.1.x-dev, 6.5.x-dev].
- spinen/laravel-discourse-sso 2.5.2 requires guzzlehttp/guzzle ^6.4 -> satisfiable by guzzlehttp/guzzle[6.5.x-dev]. - Installation request for spinen/laravel-discourse-sso ^2.5.2 -> satisfiable by spinen/laravel-discourse-sso[2.5.2].
I think the package composer.json
may need to be updated to support both guzzle
6.x and 7.x? Not entirely sure of the fix.
Hello,
I followed the instructions:
composer require spinen/laravel-discourse-sso
config/services.php
I'm logged in to the Laravel application. However, when I visit the Discourse instance, I'm not logged in. If I click "Log In," I'm directed back to account.mydomain.com (with an sso
URL parameter) which is the URL where I would log in to Laravel if unauthenticated.
I'm confused about two settings, which I think could be the issue:
.env
as well as the Discourse settings.Thank you.
So I have it setup. I go to the discourse site, it redirects me to laravel site. I sign in -- it goes to discourse site and redirects back to mylaravelsite.com/session/sso_login?sso=****
This gives me a 404.
Any routes I should be adding? I do have use laravel spark.
So if I am already logged into laravel this works great and connects me.
However if I click through from discourse and I am not logged, I just get a 500 error.
Havent had chance to dig into it, but expected behaviour would be to redirect me to login page and then back here on successful login (unless I am missing something).
With Laravel 8 released it would be nice to use this package further.
Hey. I've just followed all the setup steps in the Readme, and now wanted to move to the Forum Setup. However, I have no Idea what to enter for the SSO Url... mywebsite.tld/ and then what after the Slash?
New LogoutDiscourseUser listener is great, however if the external ID does not exist in Discourse, the GET users/by-external/.. fails. Needs some better error handling on this as it returns a 404 not found.
In our use case, users are only created in Discourse once they try to access, so we have users in laravel without matching user in Discourse.
Will try commit when I have time
Now our forum URL is https://community.claritycooperative.com/
And our app is working on http://localhost:3000
What is the discourse_url on the config?
And also the discouse_api_user?
Is this working in the local environment?
Currently, I put the discourse_url with http://localhost:300 on the config and http://localhost:3000/discourse/sso is also the discourse URL on the forum admin.
Then I enabled the discourse connect on the admin.
After that, whenever I click the login button it always redirects to the http://localhost:3000/discourse/sso?sso=bm9uY2U9Y2I2ODI1MWVlZmI1MjExZTU4YzAwZmYxMzk1ZjBjMGI%3D%0A&sig=2828aa29899722b35a2f191d34ef9b3ce695e0e6eeec47deb46d588d70c7cb56.
Please help me what is the issue now.
Thanks
Hi - I am getting a 403 error when my site is redirecting to
mysite.test/discourse/sso
my site is on local while my forum is currently on a live url. Any ideas what might be causing this?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.