Auto refresh after SSO login
Hi,
I've got Talkyard setup up with SSO (username passwd combo from our own database) and as blog comments. When someone is not logged in and click the "like button", the login popup appears and logs the user in. I've managed to write some javascript code with postMessage that eventually reloads the original window of my website (so the user appears to be logged in there without refreshing himself). So far so good...
When a user clicks "add comment" while not logged in, the editor window appears and you're only sent to the login popup when you want to post a comment. Because the editor iframe is active, the original parent page does NOT refresh after login with postMessage. So the user appears to be not logged in. When clicking post message again, the whole login popup procedure starts again until the user manually refreshes the page. I want to avoid that but I can't get it to work.
- How can I force refresh of my website while the editor iframe is active?
- Can I simply hide the add comment button while not logged in?
- Can the add comment button trigger the login procedure if not already logged in instead of opening the editor?
- Can we avoid the pop-up and simply redirect the user to my own login page whenever he/she clicks login, add comment (or post comment) or like? That way, I don't need a refresh procedure as the user navigates away from the page anyway and needs to return himself/herself.
- KajMagnus @KajMagnus2024-06-04 11:45:16.630Z
When a user clicks "add comment" while not logged in, the editor window appears and you're only sent to the login popup when you want to post a comment [...]
Can the add comment button trigger the login procedure if not already logged in instead of opening the editor?
There's a setting People may start writing posts before they have signed up here:
https:// server /-/admin/settings/login
that you can disable (it's on by default, for blog comments) — then, they'll get to log in directly when they click Reply or Like, before the editor opens.4. Can we avoid the pop-up and simply redirect the user to my own login page
I think that's possible — I'll see when I'm back home later today (I'm using the for the "wrong" laptop for the moment). (And your own login page would then send the user back to the blog post, with a Paseto token that Talkyard can look at, if I remember correctly)
- SDL @skyhawk
Thanks. That setting would fix the entire problem for us (and also eliminates the need to have the login procedure in the main window instead of pop-up). But I don't seem to have that setting... Next to the SSO stuff on that page, I see these three options:
- Login required: Require authentication to read content. Users must then login with for example password, or Google or Facebook or Single Sing-On — but anonymous access is disabled.
- Approve users: New users need to be approved by staff before they can do anything more than just reading.
- Log out idle user after minutes: 525600
That first setting is something similar, but is about reading, not writing. Users can read without being logged in. But it would be nice if the "add comment" is disabled until they have logged in for writing. "People may start writing posts before they have signed up" is not an option I have to enable.
- KajMagnus @KajMagnus2024-06-06 13:28:59.347Z
Turns out this currently only works for the forum — then, the whole page can get redirected to the SSO page. Shouldn't be much work to add an option so it works like that, for blog comments too, I'll have a look ...
So, what'd happen, when this works for blog comments too (for sites that enables it), is that when one clicks Log In, or Reply or Like, in Talkyard, then, the whole embedding page (not the iframe, no popup) gets redirected to the Single Sign-On URL. And there, the user logs in, and then should get redirected back to the same blog post page.
A minor annoyance can be if someone has scrolled down in the comments iframe, maybe collapsed or un-collapsed some comments in a big discussion — then, upon navigating to the SSO page and back, such state is lost. Some time later, maybe the blog comments script could cache such state in
localStorage
and restore.Hmm, if one clicks Like, maybe Talkyard could remember in
localStorage
that that was what the user tried to do, and proceed with liking the post or comment, once back after SSO login. (But that'd be a later 2nd implementation step, I'd think.)
- Progresswith handling this problem