PHP and WordPress Single Sign On (SSO) with optional JWT Addon

maicol07

ctml your method is correct. Do you get any errors in the request response?

ctml

Fairly generic, this ClientException is thrown from getToken

[message:protected] => Client error: `POST https://community.localhost:8080/api/token` resulted in a `401 Unauthorized` response:
{"errors":[{"status":"401","code":"not_authenticated"}]}

maicol07

ctml have you passed to the login method your username and password?
That error indicates that you are trying to login with incorrect credentials

ctml

maicol07

I thought you did not need to pass credentials, as the sso plugin would create the user / password if they were not registered in flarums DB? Really all I am passing is the admin API key / random string as I have no users yet,

$forum = new \Maicol07\SSO\Flarum('https://community.' . $_SERVER['HTTP_HOST'], 'https://' . $_SERVER['HTTP_HOST'], 'APIKEY', 'RANDOMSTRING', 14, true, true);
$forum->login($_SESSION['user'], $_SESSION['email']);

maicol07

ctml the extension creates a user with the username of the SSO system and an hash created from the password as a password.
You need these details to login the user

ctml

maicol07

The comments for the login method show to pass the plain text password if they were already signed up not using this extension. In my case I have no registered users, everything will be done through this plugin which is why I have omitted the password from the login call. The code for the plugin appears to create the password if not provided. The user is never created after calling login so I think the 401 is for attempting to fetch the user token, which if it is using the admin api key is not expected, but my api key is entered exactly as it is from the database.

/**
	 * Logs the user in Flarum. Generally, you should use this method when an user successfully log into
	 * your SSO system (or main website). If user is already signed up in Flarum database (not signed up with this
	 * extension) you need to pass plain user password as third parameter (for example Flarum admin)
	 * You can also set groups to your users with an array
	 *
	 * @param string $username
	 * @param string $email
	 * @param string|null $password
	 * @param array|null $groups
	 *
	 * @return string
	 */
        public function login(string $username, string $email, string $password = null, $groups = null)
	{
		if (empty($password)) {
			$password = $this->createPassword($username);
		}
		$token = $this->getToken($username, $password);
		// Backward compatibility: search for existing user
		try {
			$user = $this->api->users($username)->request();
			if (empty($token)) {
				$password = $this->createPassword($username);
				$token = $this->getToken($username, $password);
			}
		} catch (ClientException $e) {
			if ($e->getCode() == 404 and $e->getResponse()->getReasonPhrase() == "Not Found") {
				$signed_up = $this->signup($username, $password, $email, $groups);
				if (!$signed_up) {
					return false;
				}
				$token = $this->getToken($username, $password);
			} else {
				throw $e;
			}
		}

		$this->setGroups($username, $groups);

		return $this->setCookie($token, time() + $this->getLifetimeSeconds());
	}

maicol07

ctml I may have forgotten to update the doc 😅 that was for an older version of the plugin.
The access token requires the master token and user's username/password

luceos

maicol07 why don't you pr the changes to the api client back to the flagrow one? Seems overly unnecessary to use a fork with identical namespace in another fully functional package 🙂

ctml

maicol07

I'm testing with postman, and I realize this is not the SSO plugin but rather flarums api itself but I am getting the 401 unauthenticated using the master token I created.

POST /api/token
Headers:

Token: <api_keys_table_token>
userId: 1 <- tried with and without this field

{
    "errors": [
        {
            "status": "401",
            "code": "not_authenticated"
        }
    ]
}

maicol07

luceos I thought it was "abandoned" or no more actively developed/mantained...
I was thinking to change the namespace in the next version and maintain the API client

luceos

maicol07 that would be a great idea, thanks for clarifying 👍️ Once you publish your version feel free to ping me so I can mark the flagrow one abandoned and replaced with yours 😉

maicol07

ctml you need to set an Authorization header to your master token and your JSON body to:

{
  "identification" : "myusername",
  "password" : "mypassword",
  "lifetime" : "3600"
}

You can change 3600 to another value if you want

ctml

maicol07

I see that now, thanks. Looks like the 401 is expected for the token since the user doesn't exist, after the 401 the signup is attempted. Unfortunately I now see that the signup fails because my website usernames allows periods, but flarum does not.

/api/users` resulted in a `422 Unprocessable Entity` response:
{"errors":[{"status":"422","code":"validation_error","detail":"The username may only contain letters, numbers, and dashe (truncated...)

I cannot change my usernames, so I'll have to figure out of there is anyway around this limitation of flarum.

maicol07

ctml you should edit that in Flarum core files, but that is not a good way to do it. It can be better to replace all the usernames dots and special characters with a - when registering the user (or maybe removing them completely).
A change in the next betas is the best choice, but I don't know if developers want.

ctml

Thanks, you're a gentleman and a scholar! I appreciate all the quick replies over the past 24h, it is all working now. Although I don't love substituting dashes, it has nothing to do with the SSO and is a limitation of flarum, there is another thread about supported characters in usernames so I will carry on over there 🙂 Very excited to start using it now that I can integrate all my users.

Sarveshmrao

I get a error when logging in from my dashboard it says
Fatal Error: Class 'Flarum' is not found in .......blah blah blah
Please let me know what I should do.

maicol07

Sarveshmrao Have you imported the class with use?

Sarveshmrao

Thanks for your swift reply.
This is my code.

.
.
.
.
.
if ($_GET['src']=="comm") {
require_once(__DIR__ .'/vendor/autoload.php'); **// I even tried writing this line and the next line at the start of the file**
require_once('vendor/maicol07/flarum-sso-plugin/src/Flarum.php');
// Create the Flarum object with the required configuration. The parameters are explained in the class file (src/Flarum.php)
$forum = new Flarum('FORUM URL', 'ROOT DOMAIN', 'SOME RANDOM LETTERS', 'AGAIN SOME RANDOM LETTERS'); **//In this line is the error**
    // Login the user with username, email and password (if user is already signed up in Flarum before using this extension)
	// If user doesn't exists in Flarum, it will be created
    $forum->login($_SESSION['name'], $email, $_POST['password']);
    // Redirect to Flarum
    $forum->redirectToForum();
} elseif (!$_SESSION['name'] || !$_POST['password']) {
    echo 'Login failed';
}
.
.
.
.
.

maicol07

Sarveshmrao you can remove the second require. Then, before the new Flarum ...add use Maicol07\Flarum; (check your IDE for auto completion)

Sarveshmrao

This is the error I get now.
Fatal error: Uncaught Error: Class 'maicol07\Flarum' not found

maicol07

Sarveshmrao note the M is uppercase

« Previous Page Next Page »