PHP code example of thathoff / kirby-oauth

1. Go to this page and download the library: Download thathoff/kirby-oauth library. Choose the download type require.

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php.
    
        
<?php
require_once('vendor/autoload.php');

/* Start to develop here. Best regards https://php-download.com/ */

    

thathoff / kirby-oauth example snippets


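return [
  'thathoff.oauth' => [
    // Add your providers configuration here.
    'providers' => [
      // For details see "Provider Options" below.
    ],

    // Only allow logins for existing Kirby users (don't create new users).
    // With `false`, the plugin creates a Kirby user for an OAuth login that has none yet.
    'onlyExistingUsers' => false,

    // Role given to users the plugin creates.
    // NOTE(review): 'admin' gives every newly created account full Panel rights. Prefer a
    // lower-privileged role here and name administrators explicitly in 'adminWhitelist'.
    'defaultRole' => 'admin',

    // Allow every valid user of all OAuth providers to log in.
    // For details see "Configure Allowed Users" below.
    // DANGEROUS: Make sure you know what you're doing when setting this to true!
    // Together with 'onlyExistingUsers' => false and 'defaultRole' => 'admin', any account
    // at a configured provider would end up as a Kirby admin.
    'allowEveryone' => false,

    // List of e-mail domains which are allowed to log in.
    'domainWhitelist' => [
      // For details see "Configure Allowed Users" below.
    ],

    // List of e-mail addresses which are allowed to log in.
    'emailWhitelist' => [
      // For details see "Configure Allowed Users" below.
    ],

    // List of e-mail addresses which will get the admin role assigned.
    'adminWhitelist' => [
      // For details see "Configure Allowed Users" below.
    ],

    // Remove the standard Kirby login form and only display OAuth options.
    'onlyOauth' => false,

    // Automatically log in with the first provider. This only works if `onlyOauth` is set to
    // `true` and only one provider is configured.
    'autoRedirect' => false,

    // Set this to `true` to skip the check of the 'email_verified' field in the OAuth response.
    // Some providers do not send this field; if yours does, leave this at `false` so the check
    // stays active. The allow-lists above match on the e-mail address, so an unverified address
    // should not be accepted without a reason.
    'skipEmailVerifiedCheck' => false,
  ],
];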

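> // "upn" is the e-mail field to use for Azure AD; `true` overrides the provider's email_verified claim.
> // Only override the claim if the provider guarantees that this field is verified and not user-editable.
> 'emailField'    => 'upn',
> 'emailVerified' => true,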
> 

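//...
'providers' => [
  'google' => [
    // Use the special Google class from league/oauth2-google.
    // Single quotes keep the backslashes of the class name literal.
    'class'        => 'League\OAuth2\Client\Provider\Google',
    'clientId'     => 'somerandomstring.apps.googleusercontent.com',
    // Placeholder. Keep the real secret out of version control (environment variable or an
    // untracked config file).
    'clientSecret' => 'clientsecret',
    'hostedDomain' => 'example.com',  // Restrict users to an `@example.com` Google account (optional)
    'icon'         => 'users',  // Pick any default Kirby icon for the login button (optional)
    'theme'        => 'green',  // Pick any Kirby theme color (see https://lab.getkirby.com/public/lab/components/buttons/2_themes)
  ],
  'custom' => [
    // This one uses \League\OAuth2\Client\Provider\GenericProvider automatically.
    'name'                    => 'My Custom Provider',  // The name is optional
    'clientId'                => 'demoapp',    // The client ID assigned to you by the provider
    // The client password assigned to you by the provider. 'demopass' is a placeholder; keep the
    // real value out of version control.
    'clientSecret'            => 'demopass',
    // Must match the redirect URL registered at the provider; use HTTPS.
    'redirectUri'             => 'https://kirby.example.com/your-redirect-url/',
    'urlAuthorize'            => 'https://example.com/oauth2/lockdin/authorize',
    'urlAccessToken'          => 'https://example.com/oauth2/lockdin/token',
    'urlResourceOwnerDetails' => 'https://example.com/oauth2/lockdin/resource',
    'icon'                    => 'users',  // Pick any default Kirby icon for the login button (optional)
    'theme'                   => 'green',  // Pick any Kirby theme color (see https://lab.getkirby.com/public/lab/components/buttons/2_themes)
    // Scope requested from the OIDC provider; request only what the login needs.
    'scope'                   => 'openid email profile',
    // Field in the provider's user data that contains the e-mail address (default: "email").
    // Use "upn" for Azure AD.
    'emailField'              => 'email',
    // Override the email_verified claim: true treats the provider as always verifying e-mails,
    // false as never. null (default) trusts the email_verified claim from the provider.
    // Only set true if the provider guarantees that the value in 'emailField' is verified and
    // cannot be changed by the user, because logins are matched on that address.
    'emailVerified'           => null,
  ],
],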

/**
 * Hook arguments used by the closures below.
 *
 * Values read from $oauthUser come from the OAuth provider's response; validate them
 * before using them for role decisions or anything written to disk.
 *
 * @var \League\OAuth2\Client\Provider\ResourceOwnerInterface $oauthUser
 * @var Kirby\Cms\User $user
 */

'hooks' => [
    'thathoff.oauth.user-create:before' => function ($oauthUser) {
      // Return null|true to use the plugin's own user creation.
      // Return a Kirby\Cms\User to overwrite the plugin's user creation.
      // NOTE(review): a user returned here replaces the plugin's creation step, so its role is
      // presumably whatever this hook assigns; confirm that 'defaultRole' and 'adminWhitelist'
      // are not bypassed unintentionally.
    },
    'thathoff.oauth.user-create:after' => function ($oauthUser, $user) {
      // Receives the OAuth resource owner and the Kirby user.
      // Presumably runs once the user has been created; confirm in the plugin source.
    },
    'thathoff.oauth.login:before' => function ($oauthUser, $user) {
      // Receives the OAuth resource owner and the Kirby user.
      // NOTE(review): whether throwing or returning a value here can abort the login is not
      // shown in this snippet; confirm before relying on it as an access check.
    },
    'thathoff.oauth.login:after' => function ($oauthUser, $user) {
      // Receives the OAuth resource owner and the Kirby user; a natural place for audit
      // logging of successful OAuth logins (timing assumed from the hook name).
    }
]