Flarum OpenID Connect Client
maicol07/flarum-oidc-client
OpenID Connect client/SSO for Flarum
- Downloads
- 28
- Subscribers
- 1
Plan comparison
Plans
Subscribe to any of the available plans below.
This extension enables users to login with an OpenID Connect (OIDC) provider. This method can be set to the only allowed method to login (SSO mode) or used as a complementary login method (like OAuth providers)
This is a Premium extension, not a free one. You can buy a license to use it in your Flarum through Extiverse
⚠ Warning! This README might be outdated! Please always refer to the docs to ensure you are reading the latest update!
Why premium
Mostly for two reasons:
- You can connect to any auth system, written in any language, as long as they are compliant with the OpenID Connect specs. My other SSO extension, which is free, allows you to connect to any auth system written in PHP.
- It requires only configuration in the admin panel and zero code. The SSO extension requires integration with your auth system through plugins in addition to extension configuration.
Screenshots
| Description | Screenshot |
|---|---|
| Button in login modal |  |
| Buttons in user settings (non-SSO mode) |  |
| Buttons in user settings (SSO mode) |  |
Tested providers
Note: This list is not exhaustive. Other generic OIDC providers should work as well. If you have tested this library with a provider not listed here, please contact me to add it here.
| Provider | Is tested? | Notes |
|---|---|---|
| Keycloak | ✅ | Client authenticator must be set to "Client id and secret" |
| Casdoor | ✅ | Code challenge must be set to S256 or PKCE should be disabled |
Requirements
Other extensions may be required due to third party dependencies. Check what composer says to know more.
To make JWT operations faster you'll need the gmp or bcmath extension. Read here for more.
Implemented OpenID Connect features
The extension relies on maicol07/oidc-client-php, a heavenly modified fork of JuliusPC/OpenID-Connect-PHP. You can see a list of OIDC drafts and documents that have been implemented. However, the following features aren't already implemented in the extension at the time of writing (v3.0) and they can't be set/used:
- OpenID Connect Dynamic Client Registration 1.0
- RFC 7009: OAuth 2.0 Token Revocation
- RFC 7662: OAuth 2.0 Token Introspection
- Draft: OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response
How does it work?
The extension uses the authorization code flow variant of OpenID Connect. I suggest checking these resources to learn more about OIDC flow here:
- OpenID Connect website
- Explanation on the different OIDC flows
- Illustrated flow example
- Video about OIDC flow
Will it work on WordPress and other CMS?
Yes, as long as you're using a plugin that provides OpenID Connect features. For WordPress, you can try this one (not tested): https://wordpress.org/plugins/miniorange-oauth-20-server/
Installation
- Be sure to check Extiverse instructions in your subscriptions page on how to install a premium extension via composer.json 2Install by executing the command below and activate the extension in Flarum Administration area.
composer require maicol07/flarum-oidc-client:*
⚠️ PHP versions support/drop notice
PHP versions will be supported until its EOL. If Flarum core changes PHP version before the official EOL, I'll update too the version accordingly to what they have chosen.
Upgrading
Upgrade by executing the command below, like with every other extension.
composer update maicol07/flarum-oidc-client:*
Contact/Help
Since this is a premium extension, you also have premium support. So I'll help you in every error you're facing. You can contact me using the following services:
- Bug/feature tracker
- Discuss post, check link below
- Live chat from my personal webpage
- Telegram
- Discord (
maicol07)
Links
Versions
-
Version 3.0.1a.
Unlikely to work with Flarum v1.8.5.
-
9 additional versions.
-
Extension created.