This extension equips Flarum with Single Sign On (shortly SSO). Basically, this extension will act as a bridge between Flarum and your SSO/Auth system. The extension is useful if you run Flarum on a subdomain but you want to use the login mechanism of your main website.
Workflow based on this post.
The user wants to login to your Auth system. Once his login attempt is successful, a POST request is sent to Flarum API to retrieve the user access token (verifying his credentials). He will be created in the Flarum database (through an API request) if he isn’t signed up on Flarum.
Then, the access token is saved in a cookie to be used when the user visits Flarum (this cookie keeps the login active).
This section covers the difference between plugins and addons.
This is the standard Flarum extension, installable on Flarum following the Installation instructions. This is required since it activates the user when he is added to the database, manage his logout, changes the Login and Signup links destination, …
A plugin is a library/package that you install on your Auth system to communicate with Flarum. This allows you to login, signup, update or logout the user (these are only examples, there may be other features along these ones). Some plugins are already developed for you and needs only to add the proper settings, like the WordPress plugin.
Examples of plugins are the PHP and WordPress ones.
Addons are additional features that can be added to the plugin(s). The installation method changes with the plugin you are using. For example, with the PHP plugin you have to add an addon calling an object method, while on WordPress you need to install it through the plugins screen.
Examples of addons are the Groups and the JWT ones.
Install by executing the command below and activate the extension in Flarum Administration area.
composer require maicol07/flarum-ext-sso
Upgrade by executing the command below, like with every other extension.
composer update maicol07/flarum-ext-sso
Here is the explanation of all the extension settings:
Default values for WordPress are:
redirect_to=forumpart is important as it will redirect your users back to the forum)
issclaim of your JWT. This is the domain that issues the JWT. Typically, this corresponds with the root domain.
Major changes are marked with
deletemethod (not fully tested, but should working almost all the times)
getFlarumLinkmethod that returns flarum link set in