How to set up an SSO endpoint in Bubble for it to authenticate my forum users

Hello,

I have my Bubble app, and I have a forum (Discourse). I want users who log in to my Bubble app to automatically be able to post to my forum. The forum technology I use is the same technology being used here (Discourse).

So Discourse has shown me what I need to do on the Discourse side of things to enable SSO.
But now I need to set up my Bubble site using the steps below.

So could anyone help out with how I would achieve the steps below?
Even if you give me some high level guidance to get me started, that would be great.

Full URL is at the bottom, but the steps I’m having problems with are pasted below.

Implementing SSO on your site

Discourse will redirect clients to sso_url with a signed payload: (say sso_url is https://somesite.com/sso)

You will receive incoming traffic with the following

https://somesite.com/sso?sso=PAYLOAD&sig=SIG

The payload is a Base64 encoded string comprising of a nonce. The payload is always a valid querystring.

For example, if the nonce is ABCD. raw_payload will be:

nonce=ABCD, this raw payload is Base64 encoded.

The endpoint being called must

Validate the signature, ensure that HMAC-SHA256 of sso_secret, PAYLOAD is equal to the sig
Perform whatever authentication it has to

Create a new payload with nonce, email, external_id and optionally (username, name)
nonce should be copied from the input payload

email must be a verified email address. If the email address has not been verified, set require_activation to “true”.

external_id is any string unique to the user that will never change, even if their email, name, etc change. The suggested value is your database’s ‘id’ row number.

username will become the username on Discourse if the user is new or SiteSetting.sso_overrides_username is set.

name will become the full name on Discourse if the user is new or SiteSetting.sso_overrides_name is set.

avatar_url will be downloaded and set as the user’s avatar if the user is new or SiteSetting.sso_overrides_avatar is set.
bio will become the contents of the user’s bio if the user is new, their bio is empty or SiteSetting.sso_overrides_bio is set.

Additional boolean (“true” or “false”) fields are: admin, moderator, suppress_welcome_message

Base64 encode the payload

Calculate a HMAC-SHA256 hash of the payload using sso_secret as the key and Base64 encoded payload as text

Redirect back to http://discourse_site/session/sso_login?sso=payload&sig=sig

Discourse will validate that the nonce is valid, and if valid, it will expire it right away so it can not be used again. Then, it will attempt to:

Log the user on by looking up an already associated external_id in the SingleSignOnRecord model

Log the user on by using the email provided (updating external_id)

Create a new account for the user providing (email, username, name) updating external_id

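The steps quoted in the post, as an added Python sketch of the logic the SSO endpoint has to perform (this is not code from the original post, Bubble or Discourse). `SSO_SECRET`, `DISCOURSE_URL` and the `user` dictionary keys are assumptions made for illustration; the signature is hex-encoded, which is how Discourse computes `sig`.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Assumptions for this sketch (not from the post): constructed demo values.
SSO_SECRET = b"constructed-demo-secret"      # must equal Discourse's sso_secret
DISCOURSE_URL = "https://forum.example.com"  # hypothetical forum address


def sign(payload_b64: str) -> str:
    """Hex HMAC-SHA256 of the Base64 payload, keyed with sso_secret."""
    return hmac.new(SSO_SECRET, payload_b64.encode(), hashlib.sha256).hexdigest()


def verify_request(sso: str, sig: str) -> str:
    """Validate ?sso=PAYLOAD&sig=SIG and return the nonce; raise ValueError otherwise."""
    # Constant-time comparison; the payload is not decoded until this check passes.
    if not hmac.compare_digest(sign(sso).encode(), sig.encode()):
        raise ValueError("signature mismatch")
    fields = parse_qs(base64.b64decode(sso).decode())
    if "nonce" not in fields:
        raise ValueError("payload has no nonce")
    return fields["nonce"][0]


def build_redirect(nonce: str, user: dict) -> str:
    """Build the signed return URL for a user the app has already authenticated."""
    raw = urlencode({
        "nonce": nonce,                       # copied from the input payload
        "email": user["email"],
        "external_id": str(user["id"]),       # stable ID, never the email
        "username": user["username"],
        # Unverified emails must be flagged so Discourse requires activation.
        "require_activation": "false" if user["email_verified"] else "true",
    })
    payload = base64.b64encode(raw.encode()).decode()
    query = urlencode({"sso": payload, "sig": sign(payload)})
    return f"{DISCOURSE_URL}/session/sso_login?{query}"
```

The secret belongs only on the server side of the endpoint; if it reaches the browser, anyone can sign a payload for any `external_id`.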