OpenID Connect Authentication for YOURLS
This plugin enables authentication against a generic OpenID Connect server in YOURLS.
- Respects YOURLS auth flow
- Respects YOURLS hard-coded logins, if desired
- Can link OpenID Connect accounts to existing YOURLS accounts
- Sets user to sub, sets display name to preferred_username
- Single Sign Out: signing out of YOURLS signs off OIDC server.
- YOURLS 7.4.0
- The jumbojett/OpenID-Connect-PHP library
- composer, php-curl, php-xml, and php-json
- A working OpenID Connect server (tested against Keycloak)
- If installed, remove dgw/yourls-dont-track-admins, or replace it with joshp23/YOURLS-No-Tracking-Admins for compatibility.
- Download this repo and extract the oidc folder into YOURLS/user/plugins/
- cd to the directory you just created
- Run composer install in that directory to fetch the OIDC library
- Define OIDC server parameters (see below)
- Configure OIDC (see below)
- Enable in Admin
Config: user/config.php file.
// OIDC server
define( 'OIDC_BASE_URL', 'https://keycloak.example.com/auth/realms/master/' );
define( 'OIDC_CLIENT_NAME', 'YOURLS' );
define( 'OIDC_CLIENT_SECRET', 'YOUR-SUPER-SECRET-HASH' );
// Option 1: link OIDC users to local YOURLS users
$oidc_profiles = array(
'YOURLS_UNAME' => 'sub attribute from OIDC provider',
);
// Option 2: all users on the OIDC platform have YOURLS accounts; uses the 'preferred_username' attribute
define( 'OIDC_BYPASS_YOURLS_AUTH', true );
// Behind a reverse proxy, the YOURLS URL might be detected incorrectly for redirects; set it here manually to force redirects to the right page.
// Note it points to /admin/ and not the root.
define( 'OIDC_REDIRECT_URL', 'https://yourls.example.com/admin/' );
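
How the two options above differ in who gets in, as an added example that is not the plugin's own code: Option 1 admits only identities whose sub is listed in $oidc_profiles, while Option 2 admits every identity the provider authenticates. The function name resolve_yourls_user, the sample claims, and the choice of preferred_username as the resulting account name under Option 2 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of the plugin): decide which YOURLS user an
 * OIDC login maps to, given the two options from user/config.php.
 * Returns the YOURLS username, or null when the login must be refused.
 */
function resolve_yourls_user(array $claims, array $oidc_profiles, bool $bypass): ?string
{
    $sub = $claims['sub'] ?? null;
    if (!is_string($sub) || $sub === '') {
        return null; // no stable subject identifier, nothing to link
    }

    // Option 1: $oidc_profiles is keyed by YOURLS username, the value is the sub.
    $matches = array_keys($oidc_profiles, $sub, true);
    if (count($matches) === 1) {
        return (string) $matches[0];
    }
    if (count($matches) > 1) {
        return null; // same sub linked to several accounts: ambiguous, refuse
    }

    // Option 2: every identity the provider authenticates becomes a user
    // (assumed here to be named after preferred_username).
    if ($bypass) {
        $name = $claims['preferred_username'] ?? null;
        return (is_string($name) && $name !== '') ? $name : null;
    }
    return null; // unlinked identity and bypass disabled
}

// Constructed sample data, not real accounts or subject identifiers.
$oidc_profiles = array(
    'alice' => '11111111-aaaa-4bbb-8ccc-000000000001',
);
$linked   = array('sub' => '11111111-aaaa-4bbb-8ccc-000000000001', 'preferred_username' => 'alice.k');
$unlinked = array('sub' => '22222222-aaaa-4bbb-8ccc-000000000002', 'preferred_username' => 'bob');

var_dump(resolve_yourls_user($linked, $oidc_profiles, false));   // identity linked under Option 1
var_dump(resolve_yourls_user($unlinked, $oidc_profiles, false)); // unlinked identity, bypass off
var_dump(resolve_yourls_user($unlinked, $oidc_profiles, true));  // unlinked identity, bypass on
```

With OIDC_BYPASS_YOURLS_AUTH set to true, access control to the YOURLS admin rests entirely on who can authenticate against the realm named in OIDC_BASE_URL, so restrict that on the provider side.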
- Tight integration with AuthMgrPlus
- Group and attribute assignment
- User panel in admin for linking to existing accounts with the push of a button
Dogecoin: DARhgg9q3HAWYZuN95DKnFonADrSWUimy3
Copyright 2019 Joshua Panter