Usage

Overview

This plugin now supports JWT-based Single Sign-On between Joomla and Flarum using the maicol07/flarum-ext-sso extension.

Setup Steps

1. Configure Flarum SSO Extension

First, configure the Flarum SSO extension with these settings:

  1. Provider Mode: ✓ Enable (this prevents login lockout)
  2. JWT Issuer: %%https://combo.remository.com%%
  3. JWT Signing Algorithm: %%Sha256%%
  4. JWT Signer Key: %%c1Y9I+cYf8x5p4pxJDZj7GuAgoi/0ueAn2WC2D+3WYs=%%

2. Update Joomla Plugin Configuration

In the Joomla plugin parameters, add these new settings:

  1. Use JWT Tokens: Yes (enables JWT mode)
  2. JWT Issuer: %%https://combo.remository.com%%
  3. JWT Signer Key: %%c1Y9I+cYf8x5p4pxJDZj7GuAgoi/0ueAn2WC2D+3WYs=%%
  4. Enable Custom SSO: Yes

3. Usage in Joomla Templates

This can be used as an alternative or a supplement to creating a menu item to point to the forum.

Create a “Access Forum” Link

<?php
// In your Joomla template or module
$user = JFactory::getUser();

if (!$user->guest) {
    // User is logged in, create JWT login URL
    $app = JFactory::getApplication();
    $jinput = $app->input;

    // Make AJAX call to generate JWT login URL
    $url = JUri::root() . 'index.php?option=com_ajax&plugin=flarum&group=user&method=createJwtLoginUrl&format=json';

    echo '<a href="#" onclick="accessForum()" class="btn btn-primary">Access Forum</a>';
    echo '<script>
    function accessForum() {
        fetch("' . $url . '")
        .then(response => response.json())
        .then(data => {
            if (data.success && data.data.login_url) {
                window.open(data.data.login_url, "_blank");
            } else {
                alert("Failed to create forum login URL");
            }
        })
        .catch(error => console.error("Error:", error));
    }
    </script>';
} else {
    echo '<a href="' . JRoute::_('index.php?option=com_users&view=login') . '">Login to Access Forum</a>';
}
?>

4. How It Works

  1. User logs into Joomla: Plugin detects login via %%onUserLogin%% event
  2. JWT token generated: Plugin creates a JWT token with user data
  3. Flarum login URL created: Token is embedded in the Flarum SSO endpoint URL
  4. User accesses Flarum: When user visits the URL, Flarum validates the JWT and logs them in

5. JWT Token Structure

The generated JWT tokens contain:

{
  "iss": "https://combo.remository.com",
  "sub": "123",
  "jti": "123", 
  "username": "johndoe",
  "email": "john@example.com",
  "name": "John Doe",
  "groups": [
    {"id": 1, "name": "Registered"},
    {"id": 2, "name": "Public"}
  ],
  "iat": 1234567890,
  "exp": 1234571490
}

6. Security Notes

  1. JWT tokens expire after 1 hour by default
  2. Tokens are signed with HMAC-SHA256
  3. Both Joomla and Flarum must use the same signing key
  4. Provider mode prevents Flarum from breaking normal login

7. Troubleshooting

  1. Check Flarum logs: Look in Flarum admin for error messages
  2. Verify JWT settings: Ensure both sites use identical JWT configuration
  3. Test JWT generation: Use the included %%test_jwt.php%% script
  4. Check network connectivity: Ensure Joomla can reach Flarum API

8. Testing

Run the included test script to verify JWT generation:

cd /var/www/flarum/plugins/user/flarum
php test_jwt.php

This will generate a test JWT token and validate its structure.

Benefits of JWT vs Legacy Token Method

  1. Standardized: JWT is an industry standard
  2. Secure: Built-in expiration and signature validation
  3. Stateless: No need to store tokens in database/session
  4. Portable: Can include rich user data in the token itself
  5. Compatible: Works with Flarum’s official SSO extension