Download the PHP package flownative/openidconnect-neos without Composer

On this page you can find all versions of the php package flownative/openidconnect-neos. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package openidconnect-neos

MIT license Packagist Maintenance level: Love

OpenID Connect for the Neos CMS

This package provides an OpenID Connect (OIDC) "bridge" for Neos.

It provides sane defaults for the OIDC client package, and provides a way to match Neos backend users to OIDC users. Optionally users can be created on the fly if they don't exist yet.

Terms and Background

Before deploying OpenID Connect for your application, you should get familiar with the concepts. For a quick reminder, you should can the documentation of Flownative.OpenIdConnect.Client

Requirements

In order to use this plugin you need:

Installation

The plugin is installed via Composer:

Configuration

This packages provies sane defaults for most of the configuration, suitable for Neos CMS.

The OIDC provider connection must be set up. The default configuration uses these environment variables:

You may of course set the values directly:

And you must set up how roles are determined, see the next section.

Roles

Hard-coded roles

You may configure the provider as follows:

That is the simplest way of configuring roles, but also very "static", no variation is possible.

Roles from Identity Token

The provider can extract the roles from the identity token values. The roles provided by the token must have the same identifier as in Neos.

Given that the identity token provides a claim called "https://flownative.com/roles", you may configure the provider as follows:

When a user logs in and her identity token has a value "https://flownative.com/roles" containing an array of Flow role identifiers, the OpenID Connect provider will automatically assign these roles.

Roles can be mapped in case their values don't match the required Flow role pattern (<Package-Key>:<Role>) or if multiple roles should be translated to a single role:

You may specify multiple claim names which are all considered for compiling a list of roles.

Check logs for hints if things are not working as expected.

Roles from an Existing Account

If you use locally created Neos users (accounts with the same username which is provided by the identity token), the roles of that (persisted) account can be used:

You may mix "rolesFromClaims" with "addRolesFromExistingAccount". In that case roles from claims and existing accounts will be merged.

Again, check the logs for hints if things are not working as expected.

Roles for Auto-Created Neos Users

In case auto-creation of users is enabled, the roles on the new user can be set by configuration:

Note that you still must use (at least) one of the options to assign roles, namely "rolesFromClaims" and "addRolesFromExistingAccount".

Optional settings

You can set the JWT cookie name if you need to use a different name.

If your OpenID Connect provider does not return a username, you can map it like this:

So far this assumes you locally create Neos users with the same username as the OIDC provider returns. You can enable auto-creation of Neos users like this:

The mapping of firstname and lastname is needed in case those are not returned with those names by your OIDC provider. They are used for the created users. If the identity token contains first name and last name in a single property, you can use the "name" mapping:

Debugging

Credits and Support

This library was developed by Karsten Dambekalns / Flownative. Feel free to suggest new features, report bugs or provide bug fixes in our Github project.

Thanks to Daniel Lienert / punkt.de for the initial implementation of the AccountManager class.

All versions of openidconnect-neos with dependencies

PHP Build Version
Package Version
Requires neos/neos Version ^8.3 || ^9.0 || dev-main
flownative/openidconnect-client Version ^3.0 || ^4.0 || ^5.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package flownative/openidconnect-neos contains the following files

Loading the files please wait ...