snap-cloud · cycomachead · Apr 14, 2026
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
@@ -14,6 +14,12 @@ def omniauth_configured
 
     providers = []
     Devise.omniauth_providers.each do |provider|
+      # Discourse SSO (Snap!Cloud) only requires a secret, not a key
+      if provider == :discourse
+        providers << provider if ENV.fetch('OSEM_SNAP_SSO_SECRET', ENV.fetch('OSEM_DISCOURSE_SECRET', nil)).present?
+        next
+      end
+
       provider_key = "#{provider}_key"
       provider_secret = "#{provider}_secret"
       unless Rails.application.secrets.send(provider_key).blank? || Rails.application.secrets.send(provider_secret).blank?

diff --git a/app/views/devise/shared/_openid_links.html.haml b/app/views/devise/shared/_openid_links.html.haml
@@ -16,8 +16,3 @@
             Snap
             %em> !
 %br
-.text-center
-  %em If you are not currently logged into Snap! or the Snap! Forums, you will need to log in to
-  Snap!Con twice when using your Snap! account. We're working on fixing this. Thanks!
-
-%br
diff --git a/config/environments/development.rb b/config/environments/development.rb
@@ -131,6 +131,18 @@
         secret: 'github_mock_secret'
       }
     )
+
+  OmniAuth.config.mock_auth[:discourse] =
+    OmniAuth::AuthHash.new(
+      provider:    'discourse',
+      uid:         'discourse-test-uid-1',
+      info:        {
+        name:     'snap user',
+        email:    'user-snap@example.com',
+        username: 'user_snap'
+      }
+    )
+
   config.after_initialize do
     Devise.setup do |devise_config|
       # Enable ichain test mode

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -14,10 +14,9 @@
                   name:  'google',
                   scope: %w[email profile]
 
-  # TODO-SNAPCON: This ought to be configurable. Use OSEM_DISCOURSE_KEY?
   config.omniauth :discourse,
-                  sso_url:    'https://forum.snap.berkeley.edu/session/sso_provider',
-                  sso_secret: ENV.fetch('OSEM_DISCOURSE_SECRET', nil)
+                  sso_url:    ENV.fetch('OSEM_SNAP_SSO_URL', 'https://snap.berkeley.edu/api/v1/discourse-sso'),
+                  sso_secret: ENV.fetch('OSEM_SNAP_SSO_SECRET', ENV.fetch('OSEM_DISCOURSE_SECRET', nil))
 
   config.omniauth :facebook,
                   ENV.fetch('OSEM_FACEBOOK_KEY', Rails.application.secrets.facebook_key),

diff --git a/dotenv.example b/dotenv.example
@@ -67,6 +67,12 @@
 # OSEM_GITHUB_KEY=1234
 # OSEM_GITHUB_SECRET=5678
 
+# Snap!Cloud SSO (Discourse SSO protocol)
+# The shared secret must match the DISCOURSE_SSO_SECRET configured in Snap!Cloud
+# OSEM_SNAP_SSO_SECRET=your_shared_secret
+# Optionally override the SSO endpoint URL (defaults to https://snap.berkeley.edu/api/v1/discourse-sso)
+# OSEM_SNAP_SSO_URL=https://snap.berkeley.edu/api/v1/discourse-sso
+
 # OMNIAUTH Developer KEY/Secret for SUSE/openSUSE
 # OSEM_SUSE_KEY=1234
 # OSEM_SUSE_SECRET=5678

diff --git a/spec/support/omniauth_macros.rb b/spec/support/omniauth_macros.rb
@@ -12,8 +12,7 @@ module OmniauthMacros
   ENV['OSEM_SUSE_SECRET'] = 'test secret suse'
   ENV['OSEM_GITHUB_KEY'] = 'test key github'
   ENV['OSEM_GITHUB_SECRET'] = 'test secret github'
-  ENV['OSEM_DISCOURSE_KEY'] = 'test key discourse'
-  ENV['OSEM_DISCOURSE_SECRET'] = 'test secret discourse'
+  ENV['OSEM_SNAP_SSO_SECRET'] = 'test secret snap sso'
 
   def mock_auth_new_user
     OmniAuth.config.mock_auth[:google] =