OpenID Connect and SSO Callback
I'm trying to set up a page (let's call it example.com) with embedded Vanilla comments. The idea is that when a user logs in to example.com they are also logged in to Vanilla via OIDC SSO.
A user can already log in to example.com using OIDC. During the login process to example.com, the auth provider gives all of its SSO targets an SSO token using an HTTPS GET call, e.g. vanilla.example.com?sso_token=abcd1234. The SSO targets should at this point store the SSO token, e.g. in a cookie, and later append it and another query parameter (prompt=none) to the authorization URL to log in to the application silently without additional user interaction.
Are there any plugins that already implement this flow? I'm currently using the OAuth2 plugin, but it does not seem to support this use case.
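The flow described in the question, sketched as an added example that is not part of the original post and is not Vanilla or OAuth2 plugin code. The endpoint, client ID, redirect URI, token alphabet, cookie lifetime and function names are assumptions; `sso_token` is the provider-specific parameter from the post and `prompt=none` is the standard OIDC parameter.

```python
import hmac
import re
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values for illustration; use your provider's real endpoint and client.
AUTHORIZE_URL = "https://auth.example.com/authorize"
CLIENT_ID = "vanilla-client"
REDIRECT_URI = "https://vanilla.example.com/callback"
TOKEN_RE = re.compile(r"[A-Za-z0-9._~-]{1,256}")  # assumed token alphabet


def _query(url):
    """First value of each query parameter, URL-decoded."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def store_sso_token(request_url):
    """Step 1: provider calls ...?sso_token=...; return a Set-Cookie value or None."""
    token = _query(request_url).get("sso_token", "")
    if not TOKEN_RE.fullmatch(token):
        return None  # missing or malformed (e.g. CR/LF): do not store it
    cookie = SimpleCookie()
    cookie["sso_token"] = token
    # Short-lived, HTTPS-only, not readable by page scripts.
    cookie["sso_token"].update({"secure": True, "httponly": True, "path": "/", "max-age": 300})
    return cookie["sso_token"].OutputString()


def build_silent_auth_url(sso_token):
    """Step 2: authorization request that must not show any login UI."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": "openid", "state": state, "nonce": nonce,
              "prompt": "none", "sso_token": sso_token}
    return AUTHORIZE_URL + "?" + urlencode(params), state, nonce


def handle_callback(callback_url, expected_state):
    """Step 3: decide what to do with the provider's redirect back."""
    q = _query(callback_url)
    if not hmac.compare_digest(q.get("state", "").encode(), expected_state.encode()):
        return ("reject", "state mismatch")
    if "error" in q:
        # With prompt=none the provider answers login_required, consent_required,
        # etc. instead of prompting; fall back to the normal interactive login.
        return ("interactive_login", q["error"])
    if "code" not in q:
        return ("reject", "missing code")
    return ("exchange_code", q["code"])
```

The `state` and `nonce` returned by `build_silent_auth_url` have to be kept server-side (for example in the session) so the callback and the ID token can be checked against them.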
Comments
Vanilla had an OpenID endpoint, but it was recently removed due to lack of maintenance and a couple of critical security vulnerabilities. If you're referring to some other form of connecting OpenID SSO (not the OpenID plugin), I'm afraid I don't have much experience there. I just wanted to make the point.
I thought we had announced that, but it may be missing from the release notes.
I'm referring to connecting to an external OIDC auth provider in general. Currently I can log in to Vanilla using the OAuth2 plugin, but I don't think it supports SSO in my use case (or, if it does, I don't know how to configure it properly).
Makes sense. I don’t have a lot of experience here but maybe one of the other devs does.