Download the PHP package causal/oidc without Composer
On this page you can find all versions of the php package causal/oidc. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package oidc
Short Description This extension uses OpenID Connect to authenticate users.
License GPL-2.0-or-later
Homepage https://github.com/xperseguers/t3ext-oidc
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package oidc
OpenID Connect for TYPO3 frontend login
This extension lets you authenticate frontend users against an OpenID Connect provider.
Examples of such identity provider software or services are:
- Microsoft EntraID
- GitHub
- ID Austria
- WSO2 Identity Server
- Keycloak
- Authentik
Pre-configuration for Swiss Alpine Club
The extension is preconfigured to work with the WSO2 Identity Server from the Swiss Alpine Club, but may be used with any OpenID Connect identity server as well.
If you are a Swiss Alpine Club section, be sure to get in touch with Bern in order to get your dedicated private key and secret.
Default frontend login box
This extension integrates with the system extension 'felogin', if it is installed.
This Fluid markup can be used to include a link to the authentication endpoint of the identity provider.
See also Resources/Private/Templates/Login/Login.html as reference.
Direct OIDC Login
If OpenID Connect is your only means of frontend login, you can use the included "OIDC Login" plugin. Add it to your login page, where you would normally add the felogin box. After adding the OIDC Login plugin, requests to the login page will immediately be redirected to the identity provider.
After the login process, the user will be redirected:
- The OIDC Login supports the same
redirect_urlparameter as the felogin box - If no parameter is set, OIDC Login will redirect the user to the page
configured at
plugin.tx_oidc_login.defaultRedirectPid. - If that configuration is not set either, the user will be redirected to '/'.
PKCE (Proof of Key for Code Exchange)
If your OIDC Login supports Proof of Key for Code Exchange you can enable it
by checking enableCodeVerifier in the extension configuration. A shared secret
will be sent along preventing Authorization Code Interception Attacks. See
https://tools.ietf.org/html/rfc7636 for details.
Configuration
Mapping Frontend User Fields
- Configuration is done through TypoScript within
plugin.tx_oidc.mapping.fe_users -
OIDC attributes will be recognized by the specific characters
<>: -
You may combine multiple markers as well, e.g.,
-
Support for stdWrap in field definition, e.g.,
- Support for TypoScript "split"
(
//). This will check multiple field names and return the first one yielding some non-empty value. E.g.,
Mapping Frontend User Groups
- Create your groups within TYPO3
- Use the additional pattern to relate it to roles within OpenID Connect
- Local TYPO3 groups (not related to some role) will be kept upon authenticating
- Default TYPO3 group(s) as configured in Extension Manager will always be added
OIDC Login
plugin.tx_oidc_login.defaultRedirectPidUID of the page that users will be redirected to, if noredirect_urlparameter is set.
Logging
This extension makes use of the Logging system introduced in TYPO3 CMS 6.0. It is far more flexible than the old one writing to the "sys_log" table. Technical details may be found in the TYPO3 Core API.
As an administrator, what you should know is that the TYPO3 Logger forwards log records to "Writers", which persist the log record.
By default, with a vanilla TYPO3 installation, messages are written to the
default log file (var/log/typo3_*.log).
Dedicated Log File for OpenID Connect
If you want to redirect every logging information from this extension to
var/log/oidc.log and send log entries with level "WARNING" or above to the
system log, you may add following configuration to
typo3conf/AdditionalConfiguration.php:
Hint: Be sure to read Configuration of the Logging system to fine-tune your configuration on any production website.
Using additional identity provider packages
The underlying PHP library for OAuth2 can be extended for specific identity providers by adding additional packages.
Example: For Microsoft EntraID (Azure) the package is thenetworg/oauth2-azure
In order to use these kinds of packages, one needs to implement a custom
OAuth2ProviderFactory, which takes care of initializing the specific provider.
Here is an example for the aforementioned Azure package:
Migration from v2 to v3
Version 3 has developed to a major rewrite of the extension. It gets rid of extbase dependencies, handles things as early as possible (middleware) and streamlines a lot of code.
Please refer to the CHANGELOG.md for further details.
Credits
This TYPO3 extension is created and maintained by:
- Xavier Perseguers (https://www.causal.ch/)
- Markus Klein (https://reelworx.at/)
A big "Thanks" goes out to all contributors.
All versions of oidc with dependencies
ext-json Version *
typo3/cms-core Version ^11.5 || ^12.4 || ^13.4
typo3/cms-frontend Version ^11.5 || ^12.4 || ^13.4
league/oauth2-client Version ^2.8
firebase/php-jwt Version ^6.10