PHP and WordPress Single Sign On (SSO) with optional JWT Addon
Hello @maicol07 thank you for the great SSO plugin for wordpress & flarum.
i would like to know how can i connect multiple flarum forums in subdomains to be connected to a single WP website.
single SSO login in wordpress and connect to multiple flarum forums. is this is possible.
If yes how can i achieve that by any means,
thank you in advance.
- Edited
eeepurushoth actually the WP plugin doesn't support multiple flarum instances. However, you can try to copy the WP plugin to another folder and see if it works with 2 flarums or more. This behaviour isn't currently supported by the clients so don't expect anything
Thanks for great extension @maicol07
I see most posts are related to WordPress, but would also work with another authentication provider?
I'm using Outseta and I'm able to generate a JWT Token:
And I also have the issuer domain. I've added both into the extension settings.
But I don't understand what else I need to do and it's not working right now.
How does the extension/Flarum know, when someone has logged into my website?
I'm also hosting the forum right now on FreeFlarum.
- Edited
lubos-h hi, I've forgotten to check it 
. Anyway, I've just checked it now and I confirm that clicking the "New discussion" button when not logged in, redirects to the SSO login page.
wirtzdan This extension was born principally for a PHP auth systems. WordPress is a further implementation of the PHP plugin. However, I think you are able to use it with your JWT system. You need to make sure you send your JWT to {flarum_url}/sso/jwt (replace {flarum_sso} with your Flarum URL). Let me know if it works
Thanks @maicol07.
I just saw that Outseta is using RS256 as a signing method, but I can pick that one in the SSO extension. Would this be a problem?
To be clear about what needs to be done: Once the user logs into my website (By using Outseta Auth) I have to send the JWT to {flarum_url}/sso/jwt. From there Flarum can also recognise the user and automatically log him in?
wirtzdan RSA signatures aren't supported at the moment, only HMAC/SHA ones. You can either check if you can change it or use my OpenID Connect extension (it seems your Auth provider supports it, but maybe you have to contact them to know the URLs of the required endpoints)
maicol07 hi, I know I am being annoying 
, I am running on flarum 1.0.4,
when I activate "remove login button" in SSO, flarum login button (top right) disappears & "New discussion" opens login pop-up, aka my problem
when I de-activate "remove login button" in SSO, flarum login buttion (top right) is visible & "New discussion" redirects to specified url (does not open flarum login pop-up).
Hi! 
I'm currently extending Flarum and using your extension in the process. I think it's perfect for what I want to do!
I ran into a little roadblock though. Just like how you would send "groups" data as an addon from Group::class, I'm thinking of sending masquerade content through an API endpoint too.
Is there a way to add an endpoint to your Flarum API Client? Such as
$this->flarum->api->masquerade()->request()->collect()->all()?
Digitalam you should add your masquerade endpoint in this array: https://github.com/maicol07/flarum-api-client/blob/40c5b4372229878ee66231ee742309a996d6adc3/src/Fluent.php#L33
If you want IDE autocompletion you have to add the method to the class comment
Ooh I see, so just checking, I have to extend your extension by adding masquerade into the $types array in Fluent.php?
I was wondering if there is a way to do it without messing with your source code
@maicol07 do you know whether I would encounter any issues with authentication if I were to manually change the username of an account (both in Flarum and WordPress)? I have a few users who have registered on WordPress and utilized their email as username. I would prefer to change those so that they don't expose their email in the forums when mentioned. Thanks for any insights into this or considerations I should take!