This is an old revision of the document!


Joomla to Flarum JWT SSO Integration

Overview

This plugin now supports JWT-based Single Sign-On between Joomla and Flarum using the maicol07/flarum-ext-sso extension.

Setup Steps

1. Configure Flarum SSO Extension

First, configure the Flarum SSO extension with these settings:

  • Provider Mode: ✓ Enable (this prevents login lockout)
  • JWT Issuer: https://combo.remository.com
  • JWT Signing Algorithm: Sha256
  • JWT Signer Key: c1Y9I+cYf8x5p4pxJDZj7GuAgoi/0ueAn2WC2D+3WYs=

2. Update Joomla Plugin Configuration

In the Joomla plugin parameters, add these new settings:

  • Use JWT Tokens: Yes (enables JWT mode)
  • JWT Issuer: https://combo.remository.com
  • JWT Signer Key: c1Y9I+cYf8x5p4pxJDZj7GuAgoi/0ueAn2WC2D+3WYs=
  • Enable Custom SSO: Yes

3. Usage in Joomla Templates

<?php
// In your Joomla template or module
$user = JFactory::getUser();

if (!$user->guest) {
    // User is logged in: build the com_ajax URL that asks the plugin for a JWT login URL
    $url = JUri::root() . 'index.php?option=com_ajax&plugin=flarum&group=user&method=createJwtLoginUrl&format=json';

    // "return false" stops the "#" href from scrolling the page
    echo '<a href="#" onclick="accessForum(); return false;" class="btn btn-primary">Access Forum</a>';
    // json_encode() emits the URL as a correctly quoted and escaped JavaScript string literal
    echo '<script>
    function accessForum() {
        fetch(' . json_encode($url) . ')
        .then(response => response.json())
        .then(data => {
            if (data.success && data.data.login_url) {
                window.open(data.data.login_url, "_blank");
            } else {
                alert("Failed to create forum login URL");
            }
        })
        .catch(error => console.error("Error:", error));
    }
    </script>';
} else {
    // Guest: send the visitor to the Joomla login page first
    echo '<a href="' . JRoute::_('index.php?option=com_users&view=login') . '">Login to Access Forum</a>';
}
?>

Auto-redirect on Login (Optional)

No extra code is needed to generate a JWT token on user login: when JWT mode is enabled, the plugin already handles this via the onUserLogin event.

4. How It Works

  1. User logs into Joomla: Plugin detects login via onUserLogin event
  2. JWT token generated: Plugin creates a JWT token with user data
  3. Flarum login URL created: Token is embedded in the Flarum SSO endpoint URL
  4. User accesses Flarum: When user visits the URL, Flarum validates the JWT and logs them in

5. JWT Token Structure

The generated JWT tokens contain:

{
  "iss": "https://combo.remository.com",
  "sub": "123",
  "jti": "123", 
  "username": "johndoe",
  "email": "john@example.com",
  "name": "John Doe",
  "groups": [
    {"id": 1, "name": "Registered"},
    {"id": 2, "name": "Public"}
  ],
  "iat": 1234567890,
  "exp": 1234571490
}

6. Security Notes

  • JWT tokens expire after 1 hour by default
  • Tokens are signed with HMAC-SHA256
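  • Both Joomla and Flarum must use the same signing key. Because HMAC is symmetric, anyone who holds that key can sign tokens that both sites accept, so keep it secret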
  • Provider mode prevents Flarum from breaking normal login
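
The checks implied by the notes above (HMAC-SHA256 signature, matching issuer, expiry), written out as an added example that is not the plugin's or the Flarum extension's own code. The function names are hypothetical, the key is a random value constructed for the demo, and the claims are the sample values from section 5.

```php
<?php
// Added example; b64url(), b64urlDecode(), mintToken(), verifyToken() are hypothetical names.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64urlDecode(string $txt) {
    $pad = (4 - strlen($txt) % 4) % 4;
    return base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', $pad), true);
}
function mintToken(array $claims, string $key): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $key, true));
}
// Returns the claims array, or null if any check fails.
function verifyToken(string $jwt, string $key, string $issuer, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    // Pin the algorithm: the token header must not choose how it is verified.
    $header = json_decode((string) b64urlDecode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    // Recompute the HMAC over "header.payload" and compare in constant time.
    $expected = hash_hmac('sha256', "$head.$body", $key, true);
    if (!hash_equals($expected, (string) b64urlDecode($sig))) return null;
    // Claims are inspected only after the signature has been verified.
    $claims = json_decode((string) b64urlDecode($body), true);
    if (!is_array($claims) || ($claims['iss'] ?? null) !== $issuer) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    return $claims;
}

// Constructed demo data: a random key and the sample claims from the page.
$key = random_bytes(32);
$iss = 'https://combo.remository.com';
$now = time();
$claims = ['iss' => $iss, 'sub' => '123', 'jti' => '123', 'username' => 'johndoe',
           'iat' => $now, 'exp' => $now + 3600];
$token = mintToken($claims, $key);
[$h, $b, $s] = explode('.', $token);
$edited = "$h." . b64url(json_encode(['username' => 'admin'] + $claims)) . ".$s";

$cases = [
    'fresh token'    => verifyToken($token, $key, $iss, $now),
    'after expiry'   => verifyToken($token, $key, $iss, $now + 3600),
    'different key'  => verifyToken($token, random_bytes(32), $iss, $now),
    'edited payload' => verifyToken($edited, $key, $iss, $now),
];
foreach ($cases as $label => $result) {
    echo str_pad($label, 16), $result === null ? 'rejected' : 'accepted', PHP_EOL;
}
```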

7. Troubleshooting

  • Check Flarum logs: Look in Flarum admin for error messages
  • Verify JWT settings: Ensure both sites use identical JWT configuration
  • Test JWT generation: Use the included test_jwt.php script
  • Check network connectivity: Ensure Joomla can reach Flarum API

8. Testing

Run the included test script to verify JWT generation:

cd /var/www/flarum/plugins/user/flarum
php test_jwt.php

This will generate a test JWT token and validate its structure.

Benefits of JWT vs Legacy Token Method

  • Standardized: JWT is an industry standard
  • Secure: Built-in expiration and signature validation
  • Stateless: No need to store tokens in database/session
  • Portable: Can include rich user data in the token itself
  • Compatible: Works with Flarum’s official SSO extension
joomlaflarum/usage.1758105302.txt.gz · Last modified: 2025/09/17 10:35 by admin