This plugin now supports JWT-based Single Sign-On between Joomla and Flarum using the maicol07/flarum-ext-sso extension.

First, configure the Flarum SSO extension with these settings:

• Provider Mode: ✓ Enable (this prevents login lockout)
• JWT Issuer: https://combo.remository.com
• JWT Signing Algorithm: Sha256
• JWT Signer Key: c1Y9I+cYf8x5p4pxJDZj7GuAgoi/0ueAn2WC2D+3WYs=

In the Joomla plugin parameters, add these new settings:

• Use JWT Tokens: Yes (enables JWT mode)
• JWT Issuer: https://combo.remository.com
• JWT Signer Key: c1Y9I+cYf8x5p4pxJDZj7GuAgoi/0ueAn2WC2D+3WYs=
• Enable Custom SSO: Yes

This can be used as an alternative or a supplement to creating a menu item to point to the forum.

<?php
// In your Joomla template or module
$user = JFactory::getUser();
 
if (!$user->guest) {
    // User is logged in, create JWT login URL
    $app = JFactory::getApplication();
    $jinput = $app->input;
 
    // Make AJAX call to generate JWT login URL
    $url = JUri::root() . 'index.php?option=com_ajax&plugin=flarum&group=user&method=createJwtLoginUrl&format=json';
 
    echo '<a href="#" onclick="accessForum()" class="btn btn-primary">Access Forum</a>';
    echo '<script>
    function accessForum() {
        fetch("' . $url . '")
        .then(response => response.json())
        .then(data => {
            if (data.success && data.data.login_url) {
                window.open(data.data.login_url, "_blank");
            } else {
                alert("Failed to create forum login URL");
            }
        })
        .catch(error => console.error("Error:", error));
    }
    </script>';
} else {
    echo '<a href="' . JRoute::_('index.php?option=com_users&view=login') . '">Login to Access Forum</a>';
}
?>

1. User logs into Joomla: Plugin detects login via onUserLogin event
2. JWT token generated: Plugin creates a JWT token with user data
3. Flarum login URL created: Token is embedded in the Flarum SSO endpoint URL
4. User accesses Flarum: When user visits the URL, Flarum validates the JWT and logs them in

The generated JWT tokens contain:

{
  "iss": "https://combo.remository.com",
  "sub": "123",
  "jti": "123", 
  "username": "johndoe",
  "email": "john@example.com",
  "name": "John Doe",
  "groups": [
    {"id": 1, "name": "Registered"},
    {"id": 2, "name": "Public"}
  ],
  "iat": 1234567890,
  "exp": 1234571490
}

• JWT tokens expire after 1 hour by default
• Tokens are signed with HMAC-SHA256
• Both Joomla and Flarum must use the same signing key
• Provider mode prevents Flarum from breaking normal login

• Check Flarum logs: Look in Flarum admin for error messages
• Verify JWT settings: Ensure both sites use identical JWT configuration
• Test JWT generation: Use the included test_jwt.php script
• Check network connectivity: Ensure Joomla can reach Flarum API

Run the included test script to verify JWT generation:

cd /var/www/flarum/plugins/user/flarum
php test_jwt.php

This will generate a test JWT token and validate its structure.

• Standardized: JWT is an industry standard
• Secure: Built-in expiration and signature validation
• Stateless: No need to store tokens in database/session
• Portable: Can include rich user data in the token itself
• Compatible: Works with Flarum’s official SSO extension