Php - Flarum SSO with CodeIgniter

James
July 21, 2023
83 views
0 votes
2 Answers

I’m trying to build out the requirements for the Flarum SSO PHP plugin with CodeIgniter as the SSO provider, and I feel like I’m really close – but it just doesn’t quite work. I can see that the credentials pass to Flarum on user login, but when navigating to Flarum the user is not logged in and the only cookie is flarum_session.

Here’s my code; this is all on my local/test server, so the keys and tokens don’t matter:

// Shield to Flarum integration
Events::on('login', function ($user) {
    $request = service('request');

    $password = $request->getPost('password');
    $remember = ($request->getPost('remember') === 'on') ? true : false;

    $flarum = new Flarum([
        'url' => 'http://flarum.home-nas',
        'root_domain' => 'home-nas',
        'api_key' => 'v5vxq5rrPVLgmddjZgYf4nngzeWyy3YfDB56rk5w',
        'password_token' => 'k%RG*sG?N!_F~x62{@CjhHtrpcamHyXsf=P%Uj43Ze!qU9G}|RsQPG{6K',
        'verify_ssl' => false,
        'remember' => $remember
    ]);

    /** 
     * Flarum usernames are not email addresses, and the SSO plugin complains with emails. 
     * If the username doesn't exist, we need to create a username from the email address, 
     * else grab it from the CodeIgniter user object
     */

    $usernameonly = substr($user->email, 0, strpos($user->email, "@"));
    $cleaned_up = preg_replace("/[^A-Za-z0-9]/", '', $usernameonly);

    $flarum_user = !empty($user->username) ? $flarum->user($user->username) : $flarum->user($cleaned_up);

    //User details
    $flarum_user->attributes->email = $user->email;
    $flarum_user->attributes->password = $password;
    //$flarum_user->attributes->is_email_confirmed = true; /* is_email_confirmed is undefined in intelephense */

    // Login the user with username
    $flarum_success = $flarum_user->login();
    if ($flarum_success) {
        log_message("notice", "flarum thinks it worked");
    } else {
        log_message("notice", "flarum thinks it failed.");
    }
});

Answers

- dthedeveloper
- July 20, 2023 at 7:04 pm
- 0 votes
0
Based on your code, it seems you are trying to integrate Flarum and CodeIgniter using a Single Sign-On (SSO) approach. I can see a few potential issues in your code that might be causing the problem. Let’s go through them one by one:
Flarum Usernames:
You mentioned that Flarum usernames are not email addresses. The SSO plugin expects a unique identifier for the user. If the username doesn’t exist in Flarum, you are trying to use the email address as the username. However, you should not modify the user’s details in Flarum during the SSO process. Instead, you should use a stable unique identifier (like the user’s ID in CodeIgniter) to map the users between the two systems.

Undefined Property “is_email_confirmed”:
The is_email_confirmed property is not a direct attribute of the Flarum user. You should avoid setting this property directly. Flarum handles email confirmation through its own mechanisms, and you should let Flarum handle it internally.

Flarum API Key and Password Token:

Double-check that the Flarum API key and password token are correct. An incorrect API key or token could prevent the SSO process from working correctly.

Flarum Session:
You mentioned that the only cookie you see is flarum_session. In a successful SSO integration, there should be another cookie or token that serves as proof of authentication for Flarum. The absence of this token could indicate a problem with the SSO integration.

To make the integration work, I suggest the following changes:

Ensure that you use a stable and unique identifier for the users between CodeIgniter and Flarum. It could be the user’s ID in CodeIgniter.
Instead of modifying user details in Flarum, only use the unique identifier (e.g., user ID) during the SSO process. Do not set the email or password attributes.
Make sure the Flarum API key and password token are correct.
Check the Flarum documentation for the correct process of handling SSO and confirm that you are following it accurately.
Verify that the SSO plugin you are using in Flarum is correctly configured to work with CodeIgniter as the SSO provider.

Remember that the SSO integration between two systems can be complex, and it's essential to carefully follow the documentation and guidelines provided by Flarum and the SSO plugin to make it work correctly.

use FlarumAuthSSOLoginProvider;
use FlarumUserGuest;

Events::on('login', function ($user) {
$request = service('request');

$password = $request->getPost('password');
$remember = ($request->getPost('remember') === 'on') ? true : false;

// Your Flarum API URL and credentials
$flarumApiUrl = 'http://flarum.home-nas';
$flarumApiKey = 'v5vxq5rrPVLgmddjZgYf4nngzeWyy3YfDB56rk5w';
$flarumPasswordToken = 'k%RG*sG?N!_F~x62{@CjhHtrpcamHyXsf=P%Uj43Ze!qU9G}|RsQPG{6K';

// Generate SSO token for the user
$payload = [
    'uid' => $user->id, // Use a unique identifier for the user from     CodeIgniter
    'email' => $user->email,
    'username' => $user->username,
    // Add any other user attributes that you want to pass to Flarum
];

 $token = JWT::encode($payload, $flarumPasswordToken);

// Set the SSO token as a cookie in the user's browser
  setcookie('flarum_sso', $token, time() + 3600, '/', '.home-nas', false, true);

 // Redirect the user back to Flarum
$redirectUrl = $flarumApiUrl . '/auth/sso';
redirect()->to($redirectUrl);
});

not tested , here i updated code with jwt

Please signup or login to give your own answer.

Click here to cancel reply.

Php – Flarum SSO with CodeIgniter

Answers