PHP and WordPress Single Sign On (SSO) with optional JWT Addon

maicol07 · Jul 21, 2021

lubos-h hi, I've forgotten to check it . Anyway, I've just checked it now and I confirm that clicking the "New discussion" button when not logged in, redirects to the SSO login page.

wirtzdan This extension was born principally for a PHP auth systems. WordPress is a further implementation of the PHP plugin. However, I think you are able to use it with your JWT system. You need to make sure you send your JWT to {flarum_url}/sso/jwt (replace {flarum_sso} with your Flarum URL). Let me know if it works

wirtzdan · Jul 22, 2021

Thanks @maicol07.

I just saw that Outseta is using RS256 as a signing method, but I can pick that one in the SSO extension. Would this be a problem?

To be clear about what needs to be done: Once the user logs into my website (By using Outseta Auth) I have to send the JWT to {flarum_url}/sso/jwt. From there Flarum can also recognise the user and automatically log him in?

maicol07 · Jul 22, 2021

wirtzdan RSA signatures aren't supported at the moment, only HMAC/SHA ones. You can either check if you can change it or use my OpenID Connect extension (it seems your Auth provider supports it, but maybe you have to contact them to know the URLs of the required endpoints)

lubos-h · Jul 24, 2021

maicol07 hi, I know I am being annoying , I am running on flarum 1.0.4,

when I activate "remove login button" in SSO, flarum login button (top right) disappears & "New discussion" opens login pop-up, aka my problem
when I de-activate "remove login button" in SSO, flarum login buttion (top right) is visible & "New discussion" redirects to specified url (does not open flarum login pop-up).

maicol07 · Jul 24, 2021

lubos-h mmm... That's really strange... Have you cleared your cache with php Flarum cache:clear?

lubos-h · Jul 25, 2021

maicol07 yes, couple of times

maicol07 · Jul 25, 2021

lubos-h have you also tried to clear browser cache or hard refresh the page via CTRL + SHIFT + R?

Cctml · Jul 25, 2021

lubos-h how about with all other extensions disabled?

lubos-h · Jul 25, 2021

maicol07 yes, both Flarum cache and browser cache.
ctml yes, I have very few extensions, tried one by one (with clearing both caches), nothing helped.

maicol07 · Jul 29, 2021

lubos-h I'll check everything once more and I'll see what doesn't work

Digitalam · Jul 30, 2021

Hi! I'm currently extending Flarum and using your extension in the process. I think it's perfect for what I want to do!

I ran into a little roadblock though. Just like how you would send "groups" data as an addon from Group::class, I'm thinking of sending masquerade content through an API endpoint too.

Is there a way to add an endpoint to your Flarum API Client? Such as
$this->flarum->api->masquerade()->request()->collect()->all()?

maicol07 · Jul 30, 2021

Digitalam you should add your masquerade endpoint in this array: https://github.com/maicol07/flarum-api-client/blob/40c5b4372229878ee66231ee742309a996d6adc3/src/Fluent.php#L33
If you want IDE autocompletion you have to add the method to the class comment

Digitalam · Jul 30, 2021

Ooh I see, so just checking, I have to extend your extension by adding masquerade into the $types array in Fluent.php?

I was wondering if there is a way to do it without messing with your source code

maicol07 · Aug 1, 2021

Digitalam not currently. I'll add it to my to-do list. For now, you have to fork it and add it manually

UaMV · Aug 1, 2021

@maicol07 do you know whether I would encounter any issues with authentication if I were to manually change the username of an account (both in Flarum and WordPress)? I have a few users who have registered on WordPress and utilized their email as username. I would prefer to change those so that they don't expose their email in the forums when mentioned. Thanks for any insights into this or considerations I should take!

maicol07 · Aug 1, 2021

UaMV if you change it in WordPress it should be automatically changed in Flarum, as long as the email field is equal

HHari · Aug 4, 2021

edit: how can the user be able to edit flarum user name at flarum itself?

maicol07 · Aug 4, 2021

Hari the correct behaviour is the second one: this extension redirects the user directly to the login page and the plugin from your auth system can redirect the user to Flarum, if you choose to do it (you have to implement the plugin and the redirect in your code, if you haven't done it already (only for PHP, not WordPress. WP plugin has an option in settings to redirect users to Flarum after the login)).
When a user signs up on WP the plugin automatically creates the Flarum user with their data. So the WP username must match the user's first name. If you want to set the display name (from flarum/nicknames extension) the value selected will be WP display name

lubos-h I've managed to reproduce the error and I'm working on a fix.

lubos-h · Aug 4, 2021

maicol07 you're the best, thanks a lot!

maicol07 · Aug 9, 2021

1.10.2 - Flarum extension

Released on August 09, 2021

Features (dev)

fd9bc60 Added Typescript config to get Flarum typing definitions
8b70076 code_tools: Added Prettier instead of ESLint

Performance Improvements

6fbd7f9 Better frontend settings helper

Bug Fixes

3e24b49 New Discussion button opening the Login modal (thank you lubos-h for the report)
- Also did some major refactor
f9cb9f4 Wrong app namespace

Code Refactoring

3dce5dc Reformatted build action
edbd507 Removed old Webpack config
f17a9a5 Removed ESLint comments

CI changes

3233f94 Trigger changelog workflow when JS build has finished
f244d0f Updated build action
b8e32e2 Added Flarum Bot to automatically compile JS
646203c Added conditional commit messages to changelog action
086bdea Updated changelog generation

Other changes

4145636 deps: Upgraded Flarum Webpack config
3e99300 meta: Updated extension icon colors for better contrast