synolia/sylius-admin-oauth-plugin

Oauth plugin for Sylius admin.

Maintainers

Details

github.com/synolia/SyliusAdminOAuthPlugin

Source

Issues

Installs: 790

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 11

Forks: 0

Open Issues: 0

Type:sylius-plugin

v1.0.3 2024-03-01 10:50 UTC

Requires

Requires (Dev)

EUPL-1.2 acbfbc3555192357b7fa26dd438b35931d24c053

syliussylius-plugin

This package is auto-updated.

Last update: 2024-03-30 11:01:26 UTC

README

License CI - Analysis CI - Sylius Version Total Downloads

sylius_logo.png

Synolia SyliusAdminOauthPlugin

Add OAuth authentication for Sylius admin panel

Features

  • Allow your admin users to subscribe and sign in with OAuth providers :
    • Google
    • Microsoft
  • Allow domain connexion management.

Requirements

Version
PHP ^8.1
Sylius ^1.10

Installation

  1. Add the bundle and dependencies in your composer.json :

    $ composer require synolia/sylius-admin-oauth-plugin

  2. Write your Google and/or Microsoft client Id and client secret in you .env file with those keys :

    SYNOLIA_ADMIN_OAUTH_GOOGLE_CLIENT_ID=
SYNOLIA_ADMIN_OAUTH_GOOGLE_CLIENT_SECRET=

SYNOLIA_ADMIN_OAUTH_MICROSOFT_CLIENT_ID=
SYNOLIA_ADMIN_OAUTH_MICROSOFT_CLIENT_SECRET=

  3. In your security.yaml, add the OAuth authenticator in your admin firewall and put access_control paths you need depending on wich provider you use. They must be on top of the others :

    security:
  enable_authenticator_manager: true
  firewalls:
    admin:
        custom_authenticators:
            - Synolia\SyliusAdminOauthPlugin\Security\Authenticator\OauthAuthenticator

  access_control:
    - { path: "%sylius.security.admin_regex%/connect/google",       role: PUBLIC_ACCESS, requires_channel: https }
    - { path: "%sylius.security.admin_regex%/connect/google/check", role: PUBLIC_ACCESS, requires_channel: https }

    - { path: "%sylius.security.admin_regex%/connect/microsoft",       role: PUBLIC_ACCESS, requires_channel: https }
    - { path: "%sylius.security.admin_regex%/connect/microsoft/check", role: PUBLIC_ACCESS, requires_channel: https }

  4. Create a config/routes/synolia_oauth.yaml to configure plugin's routes and to prefix them with 'admin':

     synolia_oauth:
     resource: '@SynoliaSyliusAdminOauthPlugin/config/routes.yaml'
     prefix: '/%sylius_admin.path_name%'

  5. Create a config/packages/synolia_oauth_config.yaml to import all required configs :

    imports:
  - { resource: "@SynoliaSyliusAdminOauthPlugin/config/app.yaml" }

  6. Add this trait to your App\Entity\User\AdminUser.php

    use Doctrine\ORM\Mapping as ORM;
use Sylius\Component\Core\Model\AdminUser as BaseAdminUser;
use Synolia\SyliusAdminOauthPlugin\Entity\User\CustomAdminUserTrait;

class AdminUser extends BaseAdminUser
{
     use CustomAdminUserTrait;
}

  7. Apply migrations to your database:

     php bin/console doctrine:migrations:migrate

  8. After the first installation, no domain is configured so you have to add one to be able to connect with OAuth. If you allready have admin users, add one through the administration panel and authorize it. You can access it through OAuth domain administration section in the menu.

Don't forget to add your Allowed redirect URIs in Google cloud console or Azure Active Directory ! Full documentation here :

You can now connect to your accounts with OAuth in the admin login pannel !

Troubleshootings

  • Error 'TOO_MANY_REDIRECT' : add these two lines
    • services.yaml: 
      parameters:
  router.request_context.scheme: 'https'
    • framework.yaml:
    framework:
  trusted_proxies: '127.0.0.1,REMOTE_ADDR'
  • If you don't see your oauth connexion button, verify your .env variables where your client_id and client_secret are specified
  • If you have "Impossible to connect, try again" message, don't forget to configure your authorized domains in back-office.

Development

See How to contribute.

License

This library is under the EUPL-1.2 license.

Credits

Developed by Synolia.