No internet connection
  1. Home
  2. Issues

Auto refresh after SSO login

By DL @skyhawk
    2024-06-03 22:17:18.996Z

    Hi,
    I've got Talkyard setup up with SSO (username passwd combo from our own database) and as blog comments. When someone is not logged in and click the "like button", the login popup appears and logs the user in. I've managed to write some javascript code with postMessage that eventually reloads the original window of my website (so the user appears to be logged in there without refreshing himself). So far so good...

    When a user clicks "add comment" while not logged in, the editor window appears and you're only sent to the login popup when you want to post a comment. Because the editor iframe is active, the original parent page does NOT refresh after login with postMessage. So the user appears to be not logged in. When clicking post message again, the whole login popup procedure starts again until the user manually refreshes the page. I want to avoid that but I can't get it to work.

    1. How can I force refresh of my website while the editor iframe is active?
    2. Can I simply hide the add comment button while not logged in?
    3. Can the add comment button trigger the login procedure if not already logged in instead of opening the editor?
    4. Can we avoid the pop-up and simply redirect the user to my own login page whenever he/she clicks login, add comment (or post comment) or like? That way, I don't need a refresh procedure as the user navigates away from the page anyway and needs to return himself/herself.
    Reply
    • 3 replies
    1. KajMagnus @KajMagnus2024-06-04 11:45:16.630Z

      When a user clicks "add comment" while not logged in, the editor window appears and you're only sent to the login popup when you want to post a comment [...]

      Can the add comment button trigger the login procedure if not already logged in instead of opening the editor?

      There's a setting People may start writing posts before they have signed up here: https:// server /-/admin/settings/login that you can disable (it's on by default, for blog comments) — then, they'll get to log in directly when they click Reply or Like, before the editor opens.

      4. Can we avoid the pop-up and simply redirect the user to my own login page

      I think that's possible — I'll see when I'm back home later today (I'm using the for the "wrong" laptop for the moment). (And your own login page would then send the user back to the blog post, with a Paseto token that Talkyard can look at, if I remember correctly)

      Reply
      1. SDL @skyhawk
          2024-06-04 15:19:00.377Z

          Thanks. That setting would fix the entire problem for us (and also eliminates the need to have the login procedure in the main window instead of pop-up). But I don't seem to have that setting... Next to the SSO stuff on that page, I see these three options:

          • Login required: Require authentication to read content. Users must then login with for example password, or Google or Facebook or Single Sing-On — but anonymous access is disabled.
          • Approve users: New users need to be approved by staff before they can do anything more than just reading.
          • Log out idle user after minutes: 525600

          That first setting is something similar, but is about reading, not writing. Users can read without being logged in. But it would be nice if the "add comment" is disabled until they have logged in for writing. "People may start writing posts before they have signed up" is not an option I have to enable.

          Reply
          1. KajMagnus @KajMagnus2024-06-06 13:28:59.347Z

            Turns out this currently only works for the forum — then, the whole page can get redirected to the SSO page. Shouldn't be much work to add an option so it works like that, for blog comments too, I'll have a look ...

            So, what'd happen, when this works for blog comments too (for sites that enables it), is that when one clicks Log In, or Reply or Like, in Talkyard, then, the whole embedding page (not the iframe, no popup) gets redirected to the Single Sign-On URL. And there, the user logs in, and then should get redirected back to the same blog post page.

            A minor annoyance can be if someone has scrolled down in the comments iframe, maybe collapsed or un-collapsed some comments in a big discussion — then, upon navigating to the SSO page and back, such state is lost. Some time later, maybe the blog comments script could cache such state in localStorage and restore.

            Hmm, if one clicks Like, maybe Talkyard could remember in localStorage that that was what the user tried to do, and proceed with liking the post or comment, once back after SSO login. (But that'd be a later 2nd implementation step, I'd think.)

            Reply
        • Progress
          with handling this problem
        • @KajMagnus marked this topic as Planned 2024-06-06 13:33:49.143Z.
        Reply (discussion)Add progress note