This is a (dare I say) robust, enterprise-grade OpenID Connect (OIDC) client for Flarum.
While there are existing OAuth extensions, I found that connecting generic OIDC providers (like Keycloak, Authentik, Zitadel, or custom enterprise IdPs) was often difficult or brittle. This extension aims to solve that by providing a fully configurable, standards-compliant OIDC client that plays nicely with High Availability environments.
✨ Features
- Unlimited Providers: Configure as many Identity Providers as you need.
- Auto-Discovery: Just provide the Issuer URL (e.g.,
https://auth.example.com), and the extension fetches endpoints and JWKS keys automatically.
- Visual Customization: Full control over button colors, icons (FontAwesome or URLs), and labels.
- Attribute Mapping: Map JSON claims (
sub, email, name, picture) to Flarum user attributes easily.
- High Availability (HA) Ready: Built specifically to survive in Kubernetes/Docker clusters.
- Does not rely on shared file cache (no race conditions).
- Defensive loading (won't crash Queue Workers if assets are missing).
- Secure:
- Uses
league/oauth2-client and lcobucci/jwt directly.
- Performs manual ID Token signature verification.
- Supports both
RS256 and symmetric algorithms.
- Compatible: Works alongside
fof/oauth without conflict.
📸 Screenshots
📦 Installation
composer require floxum/flarum-ext-oidc
⚙️ Configuration
- Go to Admin Dashboard > Extensions.
- Find Floxum OIDC and click Configure.
- Click Add New Provider.
- Enter your Issuer URL (the base URL of your provider).
- Enter your Client ID and Client Secret.
- Customize the button style and attribute mapping.
- Click "Save All Changes to Database".
Running Example
This extension was initially built for and can be seen in use on https://community.islamic.network.
🔗 Links
