I think so.
https://meta.discourse.org/t/official-single-sign-on-for-discourse/13045
Discourse SSO (Single-Sign-On) allows us to do all authentication and sign-up off of the Discourse site. Now you may ask, why on Earth would we want to do this?
I see two main reasons: it allows us to reclaim the after_authenticate hook for mozillians.org related purposes and it gives us complete control over users’ usernames.
To expand on the first reason: the current method for pulling data from mozillians.org (which is being used here: http://csa-discourse.mofostaging.net/, code here: https://github.com/LeoMcA/discourse-persona-mozillians) works by querying the mozillians.org API after a user logs in, and then doing stuff (like assigning them to groups). The trouble is, if we want to add another authentication method (e.g. Yahoo login) there’s no way we can use the after_authenticate hook to query mozillians.org without either patching the Yahoo login code in Discourse every time we do a git clone/pull, or reimplementing the Yahoo login as a plugin.
Using SSO would mean I would, in this case, have to add code to allow Yahoo login to the SSO server, but this isn’t any more difficult than doing it in Discourse, and things are far less likely to break after upgrades (because, in theory, the SSO protocol should remain backwards-compatible).
The primary advantage I see for doing this is if (or when) we have separate Discourse instances for Mozilla communities. Suppose the German-speaking community wanted their own separate Discourse instance. Using SSO would allow us to have one authoritative Discourse instance when it comes to usernames (which would probably be this one).
This would mean, for instance, if someone tried to sign up with @leo as their username on the German instance, they wouldn’t be allowed, and if somebody signed up on the German instance with a yet-unused username on the authoritative Discourse instance, their username would be reserved on it.
As for disadvantages, the only two I can see are that we have to build this (and I’ve already got a near-equivalent system working to what we have on this site already) and host it (but we’re not too shabby at that). There’s no problem of storing user data; most of what this SSO server will be doing (at least initially) is combining data from a number of APIs, and then handing it off to Discourse.
There’s an Etherpad summarising most of this information (and a few development notes): https://communityit.etherpad.mozilla.org/discourse-sso
Thoughts?