Extiverse card

Flarum OpenID Connect Client logo

Supports latest Flarum version?


This extension enables users to login with an OpenID Connect (OIDC) provider. This method can be set to the only allowed method to login (SSO mode) or used as a complementary login method (like OAuth providers)

This is a Premium extension, not a free one. You can buy a license to use it in your Flarum through Extiverse

⚠ Warning! This README might be outdated! Please always refer to the docs to ensure you are reading the latest update!

Why premium

Mostly for two reasons:

  1. You can connect to any auth system, written in any language, as long as they are compliant with the OpenID Connect specs. My other SSO extension, which is free, allows you to connect to any auth system written in PHP.
  2. It requires only configuration in the admin panel and zero code. The SSO extension requires integration with your auth system through plugins in addition to extension configuration.

Screenshots

Button in login modal:
login_modal.png

Buttons in user settings (non-SSO mode):
settings_buttons_oauth.png
Buttons in user settings (SSO mode): settings_buttons_sso.png

Tested providers

Check the tested providers matrix

Requirements

Other extensions may be required due to third party dependencies. Check what composer says to know more.

To make JWT operations faster you'll need the gmp or bcmath extension. Read here for more.
{.is-info}

Implemented OpenID Connect features

The extension relies on maicol07/oidc-client-php, a heavenly modified fork of JuliusPC/OpenID-Connect-PHP. You can see a list of OIDC drafts and documents that have been implemented. However, the following features aren't already implemented in the extension at the time of writing (v3.0) and they can't be set/used:

How does it work?

The extension uses the authorization code flow variant of OpenID Connect. I suggest checking these resources to learn more about OIDC flow here:

Will it work on WordPress and other CMS?

Yes, as long as you're using a plugin that provides OpenID Connect features. For WordPress, you can try this one (not tested): https://wordpress.org/plugins/miniorange-oauth-20-server/

Do you want to disable standard signup and login?

Use the SSO mode or this extension: Third Party Login Only
This way, you can only login/signup through OIDC

Installation

  1. Be sure to check Extiverse instructions in your subscriptions page on how to install a premium extension via composer.json
  2. Install by executing the command below and activate the extension in Flarum Administration area. 
    composer require maicol07/flarum-oidc-client:*

Check the docs for more!

⚠️ PHP versions support/drop notice

PHP versions will be supported until its EOL.
If Flarum core changes PHP version before the official EOL, I'll update too the version accordingly to what they have chosen.

Upgrading

Upgrade by executing the command below, like with every other extension.

composer update maicol07/flarum-oidc-client:*

Contact/Help

Since this is a premium extension, you also have premium support. So I'll help you in every error you're facing. You can contact me using the following services:

Links

    Release 1.0.1 (2021-07-20)

    • Added more metadata to composer.json
    • Updated README (also on Extiverse)
    a month later

    is it work well with keycloak Idp ?
    or maybe could i have some trial/demo before i pay the premium subscribtion ?

      Z_c yes, it works very well. I used Keycloak to test it (you have to enable OIDC from Keycloak!)

      Z_c or maybe could i have some trial/demo before i pay the premium subscribtion ?

      There is a 3 days trial in the monthly subscription

          24 days later

          Hi, will this work with WHMCS client portal?

            Composer via cli
            GitHub API limit (0 calls/hr) is exhausted, could not fetch https://api.github.com/repos/maicol07/OpenID-Connect-PHP/tags?per_page=100. Create a GitHub OAuth token to go over the API rate limit. You can also wait until ? for the rate limit to reset.

              14 days later

              Release 1.0.2 (2021-09-27)

              • fix: 🐛 Fixed exception when not inserting provider URL
                The issue was caused by a check via autodiscovery about PKCE methods
              21 days later

              Release 2.0 (2021-10-18)

              • The internal OpenID Connect Client, which you can find here, has got a major refactor. Due to this big change, the minimum PHP version has been bumped to PHP 8.0
                • This will improve the overall performance of the extensions, powered by new PHP 8 features!

              Note: Adding a custom repo is no more required! You can delete it using this command:

              composer config --unset repositories.openid-connect
              5 months later

              It's nice to see a standardized SSO option but also unfortunate that to get proper SSO requires a paid extension. Anyways nice work.

                5 days later

                Wolfereign thank you! The explanation for this to be a premium extension is in the OP or in the Docs (section "Why premium?")

                  9 months later

                  Release 2.0.1 (2022-12-12)

                  • fix: 🐛 Fix avatars sync when picture isn't provided
                  • perf: Optimized code

                  Hotfix 2.0.2 (2022-12-13)

                  • fix: Fix settings not working