The loginbot implements the OAuth2 specification partially and it covers the API Discourse needs. Therefore, you can use it for adding "Login with DeltaChat" to your Discourse instance.
Each release comes with a compiled version for Linux x86 64 musl. This binary is stripped, optimized and should run on any Linux server with the
said architecture regardless of the libc used in the distribution as the binary comes with its own libc.
If you want it for some other
platform, you can install the Rust toolchain and then cargo build -r in the project's directory
to get an optimized release binary for your platform.
- An email account for the loginbot
- Admin access to the Discourse instance
- A server to run loginbot on
- With a public IP address
- Root access is NOT required nor it is recommended to run loginbot as root.
- A webserver like nginx to act as reverse proxy so that the outside world can talk with loginbot web APIs.
- A domain you can point to the webserver
The first step assumes you are on Linux and you are fine with a statically linked binary with musl libc.
- Download the latest release from Releases and get the binary:
wget https://github.com/deltachat-bot/deltachat-loginbot/releases/download/v0.3.0/deltachat-loginbot-x86_64-linux-musl_0.3.0.tar.bz2 - Extract loginbot's binary and other stuff to an empty directory:
tar xvf deltachat-loginbot-x86_64-linux-musl_0.3.0.tar.bz2 -C empty_directory - Rename
example_config.tomltoconfig.tomland modify the TOML config file(config.toml) to your need. Enter the email address and password for the loginbot account into theemailandpasswordfields inconfig.toml - Use
bash scripts/gen_secret.shto generate two random strings forclient_idandclient_secretinoauthsection of the config file. Enter one of randomly generated strings inclient_idfield and the other inclient_secretfield. - Enter
https://discourse.tld/auth/oauth2_basic/callbackasredirect_uriwherediscouse.tldis the domain address of your Discourse. - Run the binary. By default, it looks for
config.tomlin the current directory but you can specify somewhere else by a command line argument:./loginbot /path/to/config.toml - For production runs, a service manager is highly recommended for easier management of the loginbot process. For instance on Debian based distros and many others, systemd is used. You can use the systemd user service template(
loginbot.service). - The bot's web API is listening to
listen_addras specified in the config file. To see different possible values forlisten_addrsee valid values for SocketAddr. - You need a webserver to act as a reverse proxy for the login bot (see this guide as an example). Let it proxy traffic to the
listen_addrfrom theconfig.toml. - Point your domain to the server, so users can reach it (e.g. with
foo.com). - Create a TLS certificate for your domain, so the reverse proxy can encrypt the connection to the user, e.g. with certbot.
- In your Discourse instance, navigate to the admin panel. Then open Site settings and then "Login" section.
- Install Discourse basic OAuth2 plugin see plugin installation guide here.
- Configure Basic OAuth2. Enter the same client id and secret which you entered in
config.toml. Change oauth2 authorize and token url according to your domain and where loginbot web API is listening:
oauth2 enabled: true
oauth2 client id: <secret>
oauth2 client secret: <secret>
oauth2 authorize url: https://foo.com/authorize
oauth2 token url: https://foo.com/token
oauth2 token url method: POST
oauth2 callback user id path: params.info.email
oauth2 callback user info paths: name:params.info.username
email:params.info.email
oauth2 fetch user details: false
oauth2 email verified: true
oauth2 button title: Login with Delta Chat
oauth2 allow association change: true
- There are other stuff you can configure according to your need. You should look up Discourse docs for this. For example,
oauth2 button titleis the title of button the user sees. Like you can enter "Login with DeltaChat". You can read more in Discourse Basic OAuth2 support
This photo shows an example configuration:
