codemonkey1988 / be-google-auth
Google oAuth2 sign in for backend users.
Requires
- hackzilla/password-generator: ^1.4
- typo3/cms-core: ^9.5 || ^10.4
Requires (Dev)
- friendsofphp/php-cs-fixer: ^2.13
- nimut/testing-framework: ^5.0
Replaces
- typo3-ter/be-google-auth: 0.3.3
README
This extension enables Google oAuth authentication for TYPO3 backend users.
Motivation
Companies, especially agencies, need to manage multiple TYPO3 backend users across multiple instances. This can be a really annoying and error-prone process. This extension enables TYPO3 backend login with Google accounts, which may be managed by a G Suite administrator account, so there is central user management.
Installation
This extension can currently only be installed by composer.
composer require codemonkey1988/be-google-auth
Configuration
To use this extension, you must create a Google OAuth client ID.
Create Google OAuth client ID
First, you need to create OAuth credentials:
- Login to https://console.cloud.google.com/
- Navigate to APIs & Services using the burger menu on the top left edge
- Navigate to Credentials in the sub-navigation.
- Create new credentials using the Create credentials button and select OAuth client ID
- Choose Web application as application type
- Enter a name for the credentials
- Enter the URL from your TYPO3 installation into the Authorized JavaScript Origins field
- Leave the Authorized redirect URLs field blank
Second, you need to set up an OAuth consent screen:
- Login to https://console.cloud.google.com/
- Navigate to APIs & Services using the burger menu on the top left edge
- Navigate to Credentials in the sub-navigation.
- Switch to the Tab OAuth consent screen
- Set Application type to Internal
- Enter an Application name and optionally upload a logo
- Add the following items to Scopes for Google APIs:
email, profile, openid
You are now ready to go. To improve security, you can also set Authorized domains according to your TYPO3 installation.
Setup the extension
After installing the extension, you need to do some setup (it will be quick 😉)
- Go to the extension configuration
(In TYPO3 v8 it is available using the ⚙️ button in the Extensions module; in TYPO3 v9 go to the Settings module and choose Extension Configuration)
- Enter your Google OAuth client ID into the corresponding field and save the configuration
- Create or edit a backend user and add the email address from the user's Google account into the email field
This user can now log in using their Google account. The user will have the same privileges as when logging in with username and password.
Setup G Suite usage
This extension also supports G Suite accounts. The G Suite setup allows all users belonging to a configured organisation to log in using their Google accounts without creating a backend user first. When there is no backend user, a new user will be automatically created during the first login process.
The setup is also done in the extension configuration (see Setup the extension). The following part will describe the available settings.
Enable Google G Suite features
Enables the G Suite features.
Organisations
A list of G Suite organisations (domains) that should get access to the TYPO3 system.
Note that every user that belongs to one of the organisations will have access to the TYPO3 backend.
Create admin users by default
Every new user that logs in to TYPO3 will automatically get admin privileges. USE WITH CARE!
Create admin users by email address in file
You can specify a path to a text file that contains email addresses (one per line).
All new users matching one of the email addresses in this file will get admin privileges.
All other accounts will be normal TYPO3 backend users. (See Backend user group uids)
You can use a local path (also with EXT: prefix) or a URL.
Backend user group uids
A list of UIDs for backend user groups. These backend user groups will get assigned to all new users that do not have admin privileges.
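Because the admin email file and the Organisations list above together decide who receives admin privileges on first login, it is worth checking the file before pointing the extension at it. The following is an added example, not code from be-google-auth: the function name `auditAdminList` and the sample data are constructed, and how the extension itself normalises or matches addresses is not stated here, so the whitespace and case findings are precautionary.

```php
<?php
// Added example, not part of be-google-auth. auditAdminList() is a hypothetical helper.
declare(strict_types=1);

/**
 * Audit an admin email list (one address per line) against the G Suite
 * organisations (domains) allowed to log in. Returns human-readable findings.
 */
function auditAdminList(string $fileContents, array $organisations): array
{
    $allowed = array_map(static function (string $d): string {
        return strtolower(trim($d));
    }, $organisations);
    $seen = [];      // lower-cased address => first line number
    $findings = [];
    foreach (preg_split('/\R/', $fileContents) as $i => $raw) {
        $lineNo = $i + 1;
        $email = trim($raw);
        if ($email === '') {
            continue; // blank lines grant nothing
        }
        if ($email !== $raw) {
            // Assumption: the consumer of the file may compare lines verbatim.
            $findings[] = "line $lineNo: surrounding whitespace may prevent a match";
        }
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $findings[] = "line $lineNo: not a valid email address: $email";
            continue;
        }
        $key = strtolower($email);
        if (isset($seen[$key])) {
            $findings[] = "line $lineNo: duplicate of line {$seen[$key]}";
            continue;
        }
        $seen[$key] = $lineNo;
        $domain = substr($key, strrpos($key, '@') + 1);
        if (!in_array($domain, $allowed, true)) {
            $findings[] = "line $lineNo: $email is outside the configured organisations";
        }
    }
    return $findings;
}

// Constructed sample input: a trailing space, a foreign domain, a duplicate, a malformed line.
$sample = "alice@example.com\nbob@example.org \nALICE@example.com\nnot-an-email\n";
foreach (auditAdminList($sample, ['example.com']) as $finding) {
    echo $finding, PHP_EOL;
}
```

If the file is referenced by URL rather than a local path, run the same check on the fetched content and serve it over HTTPS from a location only administrators can write to, since whoever controls that file controls who becomes a TYPO3 admin.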
Found an issue?
You can create new issues at https://github.com/codemonkey1988/be-google-auth/issues.
If you found a security issue please contact me personally using one of the following methods:
- Twitter: @codemonkey1988
- TYPO3 Slack: timschreiner
- Email: dev@tim-schreiner.de
Special Thanks
A special thanks goes to Georg Ringer who inspired me with this idea. This extension is based on his extension google_signin.