I have a query on using the Wordpress integration as our user base, and then connecting up another platform with OAuth, and just wanted to check my logic/workings.
We are using WordPress as our user base, with the user migration enabled in the integration to Auth0. This is working perfectly and enabling users to log into the site, and users are being migrated up to Auth0 perfectly.
We then have Discourse set up as SSO with Auth0 following the tutorial, which is also working. If they come to the forum after logging in on the Wordpress site, click log in, they are logged in with their existing session from the WordPress site. New users are prompted for profile fields, existing users are logged in seamlessly. Perfect! (Or so I thought!)
The problem arises if someone tries to log in directly to Discourse.
My example was that I had tried to fire up the Discourse Android app and connect to the forums, and when I hit login it takes me directly to the Auth0 login form without first going to the Wordpress site. My WordPress credentials don’t work here (on the auth0 form loaded by the forums, before going to the WP site).
This is confusing for the user because they try to login with credentials they know are working on the WP site but it does not allow them to log in. As a side note, in the Discourse mobile app it doesn’t seem to be possible for me to manually browse to the site either.
My understanding (which could be faulty!) is that if this happens, and there isn’t a current session active, they need to go back to the WP site to log in first, but with the app that doesn’t seem possible.
Any suggestions? Did I miss a step somewhere which would allow their WP credentials to auth them to the forum?