Adds a login button on Discourse which allows logging in using a Silverstripe site’s user account.

To Setup

1. On Silverstripe site:

   1. Install https://github.com/IanSimpson/ss-oauth2-server on Silverstripe site.

      1. If Guzzle version issue, add to config.json:
         1. "guzzlehttp/psr7": "2.1.0 as 1.4"
      2. Setup as per docs and add config:

      IanSimpson\\OAuth2\\OauthServerController:
        privateKey: 'private.key'
        publicKey: 'public.key'
        encryptionKey: 'INSERTKEYHERE'
      

      c. dev/build

      d. In Site Config, create a Client

      Redirect URI: http://DISCOURSE_HOST/auth/oauth2_basic/callback

2. On Discourse:

   1. Install https://github.com/discourse/discourse-oauth2-basic
   2. Add Settings > Login:
      1. oauth2 enabled: yes
      2. oauth2 client id: From Silverstripe Client
      3. oauth2 client secret: From Silverstripe Client
      4. oauth2 authorize url: https://yourwebsite.com/oauth/authorize
      5. oauth2 token url: https://yourwebsite.com/oauth/access_token
      6. oauth2 button title: (scroll down): My Site Name

   Now Set Up JSON Endpoint to pass user details to Discourse

   Docs: https://github.com/discourse/discourse-oauth2-basic#part-2-configuring-the-json-user-endpoint

   Still TODO. Ideally create a Silverstripe module for this.

   Basics:

   • Create an endpoint on Silverstripe site that returns member details as JSON.

     • Get member object using $member = IanSimpson\\OAuth2\\OauthServerController::getMember($this); to ensure that token is authenticated.

     • Output $member details, e.g.

       {
         "id": 123,
         "name": "John Smith",
         "email": "[email protected]",
       }
       

   • Add URL of endpoint to Discourse > Settings > Login > oauth2 user json url

   • Add JSON paths to Discourse > Settings > Login (based on JSON format) e.g.

     • oauth2 json user id path: id
     • oauth2 json name path: name
     • oauth2 json email path: email

   ---

   Restrictions/Notes

   • Can only send through the following to Discourse:

     • ID
     • Username
     • Name
     • Email
     • Email verification state
     • Avatar URL

   • Cannot pass through other details, such as Discourse groups to assign member to.

   • Pre-filled signup form is presented in Discourse allowing details to change imported details.

     (But Silverstripe account still linked to this account for future logins.)

     

   • Disable enable local logins in Discourse so that that Log In / Sign Up buttons go straight to Silverstripe login, and don’t display Discourse login modal.

     

   • To log out of Silverstripe after use logs out of Discourse:

     • Discourse > Settings > Users > logout redirect > http://example.com/Security/logout?BackURL=/home