I’m trying to build out the requirements for the Flarum SSO PHP plugin with CodeIgniter as the SSO provider, and I feel like I’m really close – but it just doesn’t quite work. I can see that the credentials pass to Flarum on user login, but when navigating to Flarum the user is not logged in and the only cookie is flarum_session.
Here’s my code; this is all on my local/test server, so the keys and tokens don’t matter:
// Shield to Flarum integration
Events::on('login', function ($user) {
$request = service('request');
$password = $request->getPost('password');
$remember = ($request->getPost('remember') === 'on') ? true : false;
$flarum = new Flarum([
'url' => 'http://flarum.home-nas',
'root_domain' => 'home-nas',
'api_key' => 'v5vxq5rrPVLgmddjZgYf4nngzeWyy3YfDB56rk5w',
'password_token' => 'k%RG*sG?N!_F~x62{@CjhHtrpcamHyXsf=P%Uj43Ze!qU9G}|RsQPG{6K',
'verify_ssl' => false,
'remember' => $remember
]);
/**
* Flarum usernames are not email addresses, and the SSO plugin complains with emails.
* If the username doesn't exist, we need to create a username from the email address,
* else grab it from the CodeIgniter user object
*/
$usernameonly = substr($user->email, 0, strpos($user->email, "@"));
$cleaned_up = preg_replace("/[^A-Za-z0-9]/", '', $usernameonly);
$flarum_user = !empty($user->username) ? $flarum->user($user->username) : $flarum->user($cleaned_up);
//User details
$flarum_user->attributes->email = $user->email;
$flarum_user->attributes->password = $password;
//$flarum_user->attributes->is_email_confirmed = true; /* is_email_confirmed is undefined in intelephense */
// Login the user with username
$flarum_success = $flarum_user->login();
if ($flarum_success) {
log_message("notice", "flarum thinks it worked");
} else {
log_message("notice", "flarum thinks it failed.");
}
});
2
Answers
Based on your code, it seems you are trying to integrate Flarum and CodeIgniter using a Single Sign-On (SSO) approach. I can see a few potential issues in your code that might be causing the problem. Let’s go through them one by one:
You mentioned that Flarum usernames are not email addresses. The SSO plugin expects a unique identifier for the user. If the username doesn’t exist in Flarum, you are trying to use the email address as the username. However, you should not modify the user’s details in Flarum during the SSO process. Instead, you should use a stable unique identifier (like the user’s ID in CodeIgniter) to map the users between the two systems.
The is_email_confirmed property is not a direct attribute of the Flarum user. You should avoid setting this property directly. Flarum handles email confirmation through its own mechanisms, and you should let Flarum handle it internally.
Double-check that the Flarum API key and password token are correct. An incorrect API key or token could prevent the SSO process from working correctly.
You mentioned that the only cookie you see is flarum_session. In a successful SSO integration, there should be another cookie or token that serves as proof of authentication for Flarum. The absence of this token could indicate a problem with the SSO integration.
To make the integration work, I suggest the following changes:
Remember that the SSO integration between two systems can be complex, and it's essential to carefully follow the documentation and guidelines provided by Flarum and the SSO plugin to make it work correctly.
not tested , here i updated code with jwt