Flarum OpenID Connect Client

maicol07

Extiverse card

Flarum OpenID Connect Client logo

This extension enables users to login with an OpenID Connect (OIDC) provider. This method can be set to the only allowed method to login (SSO mode) or used as a complementary login method (like OAuth providers)

This is a Premium extension, not a free one. You can buy a license to use it in your Flarum through Extiverse

⚠ Warning! This README might be outdated! Please always refer to the docs to ensure you are reading the latest update!

Why premium

Mostly for two reasons:

You can connect to any auth system, written in any language, as long as they are compliant with the OpenID Connect specs. My other SSO extension, which is free, allows you to connect to any auth system written in PHP.
It requires only configuration in the admin panel and zero code. The SSO extension requires integration with your auth system through plugins in addition to extension configuration.

Screenshots

Button in login modal:

Buttons in user settings (non-SSO mode):

Buttons in user settings (SSO mode):

Tested providers

Check the tested providers matrix

Requirements

PHP 8.1+
The following PHP extensions installed and enabled:
- json
- mbstring
- filter
- ctype

Other extensions may be required due to third party dependencies. Check what composer says to know more.

To make JWT operations faster you'll need the gmp or bcmath extension. Read here for more.
{.is-info}

Implemented OpenID Connect features

The extension relies on maicol07/oidc-client-php, a heavenly modified fork of JuliusPC/OpenID-Connect-PHP. You can see a list of OIDC drafts and documents that have been implemented. However, the following features aren't already implemented in the extension at the time of writing (v3.0) and they can't be set/used:

How does it work?

The extension uses the authorization code flow variant of OpenID Connect. I suggest checking these resources to learn more about OIDC flow here:

Will it work on WordPress and other CMS?

Yes, as long as you're using a plugin that provides OpenID Connect features. For WordPress, you can try this one (not tested): https://wordpress.org/plugins/miniorange-oauth-20-server/

Do you want to disable standard signup and login?

Use the SSO mode or this extension: Third Party Login Only
This way, you can only login/signup through OIDC

Installation

Be sure to check Extiverse instructions in your subscriptions page on how to install a premium extension via composer.json

Install by executing the command below and activate the extension in Flarum Administration area.

composer require maicol07/flarum-oidc-client:*

Check the docs for more!

⚠️ PHP versions support/drop notice

PHP versions will be supported until its EOL.
If Flarum core changes PHP version before the official EOL, I'll update too the version accordingly to what they have chosen.

Upgrading

Upgrade by executing the command below, like with every other extension.

composer update maicol07/flarum-oidc-client:*

Contact/Help

Since this is a premium extension, you also have premium support. So I'll help you in every error you're facing. You can contact me using the following services:

Bug/feature tracker
Discuss post, check link below
Live chat from my personal webpage
Telegram
Discord (maicol07#6156)

Links

maicol07

witech have you read this from the first post?

maicol07 This is a Premium extension, not a free one. You can buy a license to use it in your Flarum through Extiverse

maicol07

Fixed a few links in the OP and in the docs not working!

maicol07

Release 1.0.1 (2021-07-20)

Added more metadata to composer.json
Updated README (also on Extiverse)

Z_c

is it work well with keycloak Idp ?
or maybe could i have some trial/demo before i pay the premium subscribtion ?

maicol07

Z_c yes, it works very well. I used Keycloak to test it (you have to enable OIDC from Keycloak!)

Z_c or maybe could i have some trial/demo before i pay the premium subscribtion ?

There is a 3 days trial in the monthly subscription

witech

Hi, will this work with WHMCS client portal?

maicol07

witech hi, yes. WHCMS is an OpenID Connect provider. You can check how to retrieve credentials here: https://docs.whmcs.com/OpenID_Connect#Setting_Up
And the autodiscovery endpoint here: https://docs.whmcs.com/OpenID_Connect_Developer_Guide#Authorization_Endpoint

For any other questions, just ask me!

witech

maicol07 I tried to install the plugin and told me api limit reached.

maicol07

witech which app gives the error? Composer or Flarum?

witech

Composer via cli
GitHub API limit (0 calls/hr) is exhausted, could not fetch https://api.github.com/repos/maicol07/OpenID-Connect-PHP/tags?per_page=100. Create a GitHub OAuth token to go over the API rate limit. You can also wait until ? for the rate limit to reset.

maicol07

witech another error here is a missing GitHub token: https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth

witech

maicol07 okay my team opted out of using oauth for flarum.

maicol07

Release 1.0.2 (2021-09-27)

fix: 🐛 Fixed exception when not inserting provider URL
The issue was caused by a check via autodiscovery about PKCE methods

maicol07

Release 2.0 (2021-10-18)

The internal OpenID Connect Client, which you can find here, has got a major refactor. Due to this big change, the minimum PHP version has been bumped to PHP 8.0
- This will improve the overall performance of the extensions, powered by new PHP 8 features!

Note: Adding a custom repo is no more required! You can delete it using this command:

composer config --unset repositories.openid-connect

Wolfereign

It's nice to see a standardized SSO option but also unfortunate that to get proper SSO requires a paid extension. Anyways nice work.

maicol07

Wolfereign thank you! The explanation for this to be a premium extension is in the OP or in the Docs (section "Why premium?")

maicol07

Release 2.0.1 (2022-12-12)

fix: 🐛 Fix avatars sync when picture isn't provided
perf: Optimized code

Hotfix 2.0.2 (2022-12-13)

fix: Fix settings not working

rubensflinco

I can not buy, error:

maicol07

rubensflinco for issue about Extiverse I'll tag @luceos so he can look into it

maicol07

luceos ok, I already know why (and I suspect why)

rubensflinco let me fix this and wait Stripe review (some days, I think). I'll write here when it becomes available again

maicol07

rubensflinco Stripe has reviewed my account and is enabled again! Let me know if you have any other issue!

luceos

maicol07 according to the error your account is under review. There's nothing I can do to fix this, you should check the Stripe dashboard and their emails for more information.