Add OAuth authentication for Sylius admin panel
- Allow your admin users to subscribe and sign in with OAuth providers:
  - Google
  - Microsoft
- Allow domain connection management.
| | Version |
|---|---|
| PHP | ^8.1 |
| Sylius | ^1.10 |
- Add the bundle and dependencies in your composer.json:

  ```shell
  $ composer require synolia/sylius-admin-oauth-plugin
  ```
- Write your Google and/or Microsoft client ID and client secret in your .env file with these keys:

  ```dotenv
  SYNOLIA_ADMIN_OAUTH_GOOGLE_CLIENT_ID=
  SYNOLIA_ADMIN_OAUTH_GOOGLE_CLIENT_SECRET=
  SYNOLIA_ADMIN_OAUTH_MICROSOFT_CLIENT_ID=
  SYNOLIA_ADMIN_OAUTH_MICROSOFT_CLIENT_SECRET=
  ```
- In your security.yaml, add the OAuth authenticator to your admin firewall and add the access_control paths you need, depending on which provider you use. They must be placed above the other access_control entries:

  ```yaml
  security:
      enable_authenticator_manager: true
      firewalls:
          admin:
              custom_authenticators:
                  - Synolia\SyliusAdminOauthPlugin\Security\Authenticator\OauthAuthenticator
      access_control:
          # Keep these entries above the other admin rules.
          - { path: "%sylius.security.admin_regex%/connect/google", role: PUBLIC_ACCESS, requires_channel: https }
          - { path: "%sylius.security.admin_regex%/connect/google/check", role: PUBLIC_ACCESS, requires_channel: https }
          - { path: "%sylius.security.admin_regex%/connect/microsoft", role: PUBLIC_ACCESS, requires_channel: https }
          - { path: "%sylius.security.admin_regex%/connect/microsoft/check", role: PUBLIC_ACCESS, requires_channel: https }
  ```
- Create a config/routes/synolia_oauth.yaml to configure the plugin's routes and to prefix them with 'admin':

  ```yaml
  synolia_oauth:
      resource: '@SynoliaSyliusAdminOauthPlugin/config/routes.yaml'
      prefix: '/%sylius_admin.path_name%'
  ```
- Create a config/packages/synolia_oauth_config.yaml to import all required configs:

  ```yaml
  imports:
      - { resource: "@SynoliaSyliusAdminOauthPlugin/config/app.yaml" }
  ```
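- Add this trait to your App\Entity\User\AdminUser.php:

  ```php
  <?php

  declare(strict_types=1);

  namespace App\Entity\User;

  use Doctrine\ORM\Mapping as ORM;
  use Sylius\Component\Core\Model\AdminUser as BaseAdminUser;
  use Synolia\SyliusAdminOauthPlugin\Entity\User\CustomAdminUserTrait;

  // Standard Sylius mapping; keep whatever mapping your class already declares.
  #[ORM\Entity]
  #[ORM\Table(name: 'sylius_admin_user')]
  class AdminUser extends BaseAdminUser
  {
      // Adds the plugin's OAuth-related fields to the admin user entity.
      use CustomAdminUserTrait;
  }
  ```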
- Apply migrations to your database:

  ```shell
  php bin/console doctrine:migrations:migrate
  ```
- After the first installation, no domain is configured, so you have to add one to be able to connect with OAuth. If you already have admin users, add a domain through the administration panel and authorize it. You can access it through the OAuth domain administration section in the menu.
Don't forget to add your allowed redirect URIs in the Google Cloud console or Azure Active Directory! Full documentation here:
- Google: https://cloud.google.com/looker/docs/admin-panel-authentication-google
- Microsoft: https://learn.microsoft.com/en-en/azure/active-directory/architecture/auth-oauth2

You can now connect to your accounts with OAuth in the admin login panel!
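- Error 'TOO_MANY_REDIRECT': add these two lines
  - services.yaml:

    ```yaml
    parameters:
        router.request_context.scheme: 'https'
    ```
  - framework.yaml:

    ```yaml
    framework:
        trusted_proxies: '127.0.0.1,REMOTE_ADDR'
    ```

    `REMOTE_ADDR` makes Symfony trust forwarded headers from whichever host connects directly, so use it only when the application is reachable solely through your reverse proxy or load balancer.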
- If you don't see your OAuth connection button, verify that the client_id and client_secret variables are set in your .env file.
- If you get the "Impossible to connect, try again" message, don't forget to configure your authorized domains in the back-office.
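
A preflight check for the .env troubleshooting step above, as an added example that is not part of the plugin: it reports, per provider, whether both the client ID and the client secret are set. It assumes Symfony's usual order where `.env.local` overrides `.env`; the function names `env_value` and `provider_status` are hypothetical.

```shell
#!/bin/sh
# Added example: report whether each OAuth provider has both credentials set.
# Files are read in order and later files win, as .env.local overrides .env.

# env_value KEY FILE... : print the effective value of KEY (empty if unset).
env_value() {
    key=$1; shift
    val=
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -Eq "^[[:space:]]*(export[[:space:]]+)?${key}=" "$f" || continue
        # Last assignment in the file wins; drop CR, trailing blanks and quotes.
        val=$(sed -n -E "s/^[[:space:]]*(export[[:space:]]+)?${key}=//p" "$f" |
            tail -n 1 | tr -d '\r' |
            sed -E -e 's/[[:space:]]+$//' -e 's/^"(.*)"$/\1/' -e "s/^'(.*)'\$/\\1/")
    done
    printf '%s\n' "$val"
}

# provider_status PROVIDER FILE... : print configured, partial or missing.
provider_status() {
    p=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]'); shift
    cid=$(env_value "SYNOLIA_ADMIN_OAUTH_${p}_CLIENT_ID" "$@")
    csecret=$(env_value "SYNOLIA_ADMIN_OAUTH_${p}_CLIENT_SECRET" "$@")
    if [ -n "$cid" ] && [ -n "$csecret" ]; then
        echo configured
    elif [ -n "$cid" ] || [ -n "$csecret" ]; then
        echo partial
    else
        echo missing
    fi
}

# Constructed sample files (placeholder values, not real credentials).
demo_dir=$(mktemp -d)
cat > "$demo_dir/.env" <<'EOF'
SYNOLIA_ADMIN_OAUTH_GOOGLE_CLIENT_ID=
SYNOLIA_ADMIN_OAUTH_GOOGLE_CLIENT_SECRET=
SYNOLIA_ADMIN_OAUTH_MICROSOFT_CLIENT_ID="example-client-id"
SYNOLIA_ADMIN_OAUTH_MICROSOFT_CLIENT_SECRET=
EOF
cat > "$demo_dir/.env.local" <<'EOF'
SYNOLIA_ADMIN_OAUTH_GOOGLE_CLIENT_ID=example-client-id
SYNOLIA_ADMIN_OAUTH_GOOGLE_CLIENT_SECRET='example-secret'
EOF
for provider in google microsoft; do
    printf '%s: %s\n' "$provider" \
        "$(provider_status "$provider" "$demo_dir/.env" "$demo_dir/.env.local")"
done
rm -rf "$demo_dir"
```

A `partial` result means only one of the two values is set for that provider, which is worth ruling out when its button does not appear.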
See How to contribute.
This library is under the EUPL-1.2 license.
Developed by Synolia.