This extension equips Flarum with Single Sign On (shortly SSO). Basically, this extension will act as a bridge between Flarum and your SSO/Auth system. The extension is useful if you run Flarum on a subdomain but you want to use the login mechanism of your main website.
If you have an OpenID Connect provider/auth system you can use my OpenID Connect Client Extension, that requires zero coding from your side. You only have to configure it and you’re ready to go!
Workflow based on this post.
The user wants to login to your Auth system. Once his login attempt is successful, a POST request is sent to Flarum API from one of the extension plugins to retrieve the user access token (verifying his credentials). He will be created in the Flarum database (through an API request) if he isn’t signed up on Flarum.
Then, the access token is saved in a cookie to be used when the user visits Flarum (this cookie keeps the login active).
This section covers the difference between plugins and addons.
This is the standard Flarum extension, installable on Flarum following the Installation instructions. This is required since it activates the user when he is added to the database, manage his logout, changes the Login and Signup links destination, …
A plugin is a library/package that you install on your Auth system to communicate with Flarum. This allows you to login, signup, update or logout the user (these are only examples, there may be other features along these ones). Some plugins are already developed for you and needs only to add the proper settings, like the WordPress plugin.
Examples of plugins are the PHP and WordPress ones. You can find them in the “Plugins” section in the left sidebar.
Addons are additional features that can be added to the plugin(s). The installation method changes with the plugin you are using. For example, with the PHP plugin you have to add an addon calling an object method, while on WordPress you need to install it through the plugins screen.
Examples of addons are the Groups and the JWT ones.
Install by executing the command below and activate the extension in Flarum Administration area.
composer require maicol07/flarum-ext-sso
You’ll also need a plugin to get it work with your auth system. You can choose one from the “Plugins” section in the left sidebar.
PHP versions will be supported until its EOL.
If Flarum core changes PHP version before the official EOL, I’ll update too the version accordingly to what they have chosen.
Upgrade by executing the command below, like with every other extension.
composer update maicol07/flarum-ext-sso
Here is the explanation of all the extension settings:
Default values for WordPress are:
https://example.com/wp-login.php?action=register
https://example.com/wp-login.php?redirect_to=forum
(The redirect_to=forum
part is important as it will redirect your users back to the forum)https://example.com/wp-login.php?action=logout
iss
claim of your JWT. This is the domain that issues the JWT. Typically, this corresponds with the root domain.This addon requires the lcobucci/jwt:>=4.1
package added (and installed) to Flarum composer.json
to work.
Major changes are marked with
Released on October 21, 2021
5b7afa3
Unblock other extensions routes
It was impossible for other extensions, loaded after SSO to register new routes
ecc0676
Signup button points to logout URL
Released on August 09, 2021
fd9bc60
✨ Added Typescript config to get Flarum typing definitions8b70076
code_tools: ✨ Added Prettier instead of ESLint6fbd7f9
⚡ Better frontend settings helper3e24b49
New Discussion button opening the Login modal
f9cb9f4
🐛 Wrong app namespace3dce5dc
Reformatted build actionedbd507
♻️ Removed old Webpack configf17a9a5
♻️ Removed ESLint comments3233f94
Trigger changelog workflow when JS build has finishedf244d0f
Updated build actionb8e32e2
👷 Added Flarum Bot to automatically compile JS646203c
👷 Added conditional commit messages to changelog action086bdea
👷 Updated changelog generation4145636
deps: ⬆️ Upgraded Flarum Webpack config3e99300
meta: Updated extension icon colors for better contrastReleased on June 12, 2021
b74c90c
⚡ Use dot notation to set array value5e84bf4
📝 Fixed PHPDocs8f3d699
Allow to run changelog action manually to set the next version5cb1154
Add git credentialsa10765e
Add missing commitc009c2e
Add missing token to push back changes8ab1c6f
Push CHANGELOG.md back to repob705c4f
Ensure changelog is saved to fileec11208
Fix changelog action branch801fc90
Missing checkout action69b9e7e
Added more author metadata to composer.json
fcd76e6
Added flarum version support badge5de2a76
deps: Moved JWT package to suggestions7a4ce8c
locale: Delete pl.yml (#11)Released on May 22, 2021
Released on April 08, 2021
6c802df
avatarUrl
attributebc56ed3
3e033f8
830def6
avatarUrl
is null
978e1de
3cf884f
27b284e
composer.json
delete
method (not fully tested, but should working almost all the times)getFlarumLink
method that returns flarum link set in config.php
file