Social Sign On

Introduction

Enhance user experience with seamless Social Sign-On, eliminating the need for complex registration forms and password management.

The Social Sign-On module allows users to effortlessly log in to your ExpressionEngine site using their favorite social media platforms. By integrating popular social login options such as Facebook, Google, Twitter, and more, you can streamline the login process, improve user convenience, and encourage engagement.

This module eliminates the need for complex registration forms and password management, making it easier than ever for visitors to access your site while maintaining secure authentication

header

currently supported

Documentation versions

Installation

Prerequisites

Make sure your system meets the minimum requirements:

Installation Instructions

Update instructions

License

For every paid addon you need to validate your license in order to activate the module.

On a local environment, like *.dev *.local *.localhost *.test the license is valid for testing and building a new or existing sites. For every other domain, you need to have a valid license.

Process of validating

Once installed, you will asked to enter your license key. When you entered a valid license you can hit the "Save license" button. This will start validating your license and will redirect you to addons.reinos.nl to login into your account. You can also register a new account in this process.

Control panel overview

Once logged in, you are asked to use your current account or to login with another one.

Control panel overview

Using the current logged in account, the server will check all info related to your license and once valid, it will redirect you back to your site where you see either a success message or an error message.

Control panel overview

License field

This module is using a license field to check if the license for the module is valid or not. On addons.reinos.nl you can check your license and add your valid domains.

Control panel overview

In the Module CP you can enter then your license Control panel overview

When you enter a wrong license, the module will not work and it shows you an warning Control panel overview

Invalid license

Sometimes it happens that the license system says you have an invalid license. When this happens, make sure you have entered your domain url in your account, next to your license on addons.reinos.nl.

If this will not fix your license problem, please contact us on https://addons.reinos.nl/support

How it works

As already know the SSO module will allow users to login on your site via a social provider. Below a couple of cases how the module will handle the login and what it will do.

The Login process

  1. The user clicks on of the social provider that are enabled.
  2. The user will redirect to the social provider and will be asked for his login.
  3. When the user enters the correct credentials, the user will be redirect to the EE site
  4. On the main EE site, the SSO module will check if the user exists.
  5. If the user does not exists:
    1. if member registration has been disabled.
      1. an error will be showed
    2. if member registration has been enabled.
      1. there will be a new member profile created for the user
      2. and a connect link will be made between the social provider and the EE site.
  6. If the user exists
    1. if the setting "Allow social login to merge with non social accounts" is set to no there will be shown an error on the screen and the user will be asked to enter a new email address.
    2. if the setting "Allow social login to merge with non social accounts" is set to yes the user will be logged in on the account that already exists on the EE site.
    3. if the user has an account, that is connected to a social provider, it will always login on the existing account.

CP Overview

On the CP page you can modify a couple of things.

Default settings

Provider settings

Also you can edit your settings per provider (social site) and per site there are different settings

Google

Name Description
Enabled Is the provider enabled or not
ID Your API ID
Secret Your API Secret

To get the API keys follow the following steps:

  1. Go to https://code.google.com/apis/console/ and create a new project.
  2. Go to API Access under API Project. After that click on Create an OAuth 2.0 client ID to create a new application.
  3. A pop-up named "Create Client ID" will appear, fill out any required fields such as the application name and description.
  4. Click on Next.
  5. On the popup set Application type to Web application and switch to advanced settings by clicking on (more options).
  6. Provide this URL as the Callback URL for your application: Callback url showed on the overview page

Facebook

Name Description
Enabled Is the provider enabled or not
ID Your API ID
Secret Your API Secret

To get the API keys follow the following steps:

  1. Go to https://developers.facebook.com/apps and create a new application by clicking "Create New App".
  2. Fill out any required fields such as the application name and description.
  3. Put your website domain in the Site Url field.

Twitter

Name Description
Enabled Is the provider enabled or not
ID Your API ID
Secret Your API Secret

To get the API keys follow the following steps:

  1. Go to https://dev.twitter.com/apps and create a new application.
  2. Fill out any required fields such as the application name and description.
  3. Put your website domain in the Website field.
  4. Provide this URL as the Callback URL for your application: Callback url showed on the overview page

LinkedIn

Name Description
Enabled Is the provider enabled or not
ID Your API ID
Secret Your API Secret

To get the API keys follow the following steps:

  1. Go to https://www.linkedin.com/secure/developer (or https://www.linkedin.com/secure/developer?newapp=) and create a new application.
  2. Fill out any required fields such as the application name and description.
  3. Copy the Callback URL from the SSO control panel into the OAuto 2.0 Authorized Redirect URL field.

Apple

Name Description
Enabled Is the provider enabled or not
ID Identifier ID of the Services ID
Team ID Team ID, can be found in the top-right of your screen
Key ID The ID of your key
Key Content The actual content of your (private) key

To get the API keys follow the following steps:

  1. Sign in to https://developer.apple.com/account/resources
  2. Create a new Identifier of type APP IDs and enable "Sign In with Apple".
  3. Create an other Identifier of type Serivces IDs and enable "Sign In with Apple". Configure it so it will use the Primary App ID created in step 2. Also, add your domain and redirect/callback URL e.g. https://your-domain/sso_route/auth/Apple This is your Identifier ID.
  4. Create a new Key with "Sign in with Apple" checked and your identifier attached via the config button. Download the key and safe it somewhere safe.

Resources

Email template

To customise the email template, you can alter the template in the Template Manager -> System Templates -> Email and look for SSO.

Has Connected Providers Tag

With the has_connected_providers tag you can check if the user has any provider connected to his account.

The tag

{exp:reinos_sso:has_connected_providers}

Example

{exp:reinos_sso:has_connected_providers}
    The user has a provider connected
{/exp:reinos_sso:has_connected_providers}

Login Tag

With the login_links tag you can add the provider to your website

The tag

{exp:reinos_sso:login_links}

Tag Parameters

Below are the Tag Parameters. Those parameters can be used in the tag described above, Default to the current_url.

return

the return url where the user will be redirected after logged in

return=""

no_email_return

Give a return url for when the email is unavailable from the social channel. Default to the return param

no_email_return=""

new_member_return

the return url for when the user is new. Default to the return param

new_member_return=""

Variables

Below are the variables. Those variables can be used in the tag described above

The login link to a provider

{exp:reinos_sso:login_links}
    {provider_link}
{/exp:reinos_sso:login_links}

provider_name

The Provider name

{exp:reinos_sso:login_links}
    {provider_name}
{/exp:reinos_sso:login_links}

linked Providers

With the linked_providers tag you can connect multiple providers to your account

The tag

{exp:reinos_sso:linked_providers}

Tag Parameters

Below are the Tag Parameters. Those parameters can be used in the tag described above, Default to the current_url.

return

the return url where the user will be redirected after logged in

return=""

Variables

Below are the variables. Those variables can be used in the tag described above

The connect link to a provider

{exp:reinos_sso:linked_providers}
    {provider_connect_link}
{/exp:reinos_sso:linked_providers}

The disconnect link to a provider

{exp:reinos_sso:linked_providers}
    {provider_disconnect_link}
{/exp:reinos_sso:linked_providers}

provider_name

The Provider name

{exp:reinos_sso:linked_providers}
    {provider_name}
{/exp:reinos_sso:linked_providers}

provider_is_connected

Variable to check if a user is connected

{exp:reinos_sso:linked_providers}
    {if provider_is_connected}
        <a href="{provider_disconnect_link}">Disconnect from {provider_name}</a>
    {if:else}
        <a href="{provider_connect_link}">Link with {provider_name}</a>
    {/if}
{/exp:reinos_sso:linked_providers}

Error message tag

With the login_error tag you can print the login error on your screen

The tag

{exp:reinos_sso:login_error}

With the email_error tag you can print the email error on your screen (if you collect a email if needed)

The tag

{exp:reinos_sso:email_error}

Disconnect

It is possible to disconnect from a provider. This can be done using the {exp:reinos_sso:linked_providers} tag, where you use the {provider_disconnect_link} variable. This action will remove the reference from the Social Sign On table. The user will NOT lose their account; it will only remove the reference to the provider.

However, this can be problematic since users often do not know their password. There is an option in the Control Panel, Send new password via email, which sends a new password the first time a user logs in. However, users may still forget this.

To better control this process, we have introduced a new setting: Send password when user disconnects in the Control Panel of the SSO module. When enabled, this setting will send an email to the user with a new password after they disconnect from the provider.

Hooks

sso_callback

(Added in v.3.0.0)
This hook is triggered when the user hits the callback url

if (ee()->extensions->active_hook('sso_callback') === TRUE)
{
   ee()->extensions->call('sso_callback');
}

sso_login

(Added in v.3.0.0) This hook is triggered when a user is logged in via a social provider

if (ee()->extensions->active_hook('sso_login') === TRUE)
{
   ee()->extensions->call('sso_login', $memberObject, $isNewUser);
}

sso_connect

(Added in v.3.0.0) This hook is triggered when a user connect an existing account to the current logged in account

if (ee()->extensions->active_hook('sso_connect') === TRUE)
{
   ee()->extensions->call('sso_connect', $providerName);
}

Changelog

5.5.0 (not-yet-released)

5.4.6 (13-07-2024)

5.4.5 (15-10-2023)

5.4.4 (23-08-2023)

5.4.3 (31-01-2023)

5.4.2 (18-01-2023)

5.4.1 (04-12-2022)

5.4.0 (13-11-2022)

5.3.1 (17-05-2022)

5.3.0 (23-04-2022)

5.2.1 (24-11-2021)

5.2.0 (18-11-2021)

5.1.1 (27-09-2021)

5.1.0 (13-04-2021)

5.0.1 (25-02-2021)

5.0.0 (29-12-2020)

4.0.2 (08-12-2020)

4.0.1 (31-03-2020)

4.0.0 (27-01-2020)

*Note: There is a change you will have to validate the license again

**Note: Because the module has been renamed with a prefix reinos_ there is an update path by simply add the new update to* your site and install it. By installing the module, you are disabling the old module that can be deleted afterward. Also note that you have to rename the module calls and hooks with a prefix reinos_

Also note that the module need to be installed twice, as the first installation will modify some files in order to safely migrate the module

See this article about the rename https://addons.reinos.nl/news/modules-renamed

3.1.0 (03-04-2019)

3.0.2 (18-03-2019)

3.0.1 (06-03-2019)

3.0.0 (19-02-2019)

2.3.0 (25-01-2019)

2.2.0 (19-12-2018)

2.1.1 (09-06-2018)

2.1.0 (25-04-2018)

*Note: you need to add your license key and license email from addons.reinos.nl in order to validate your license and add a valid domain url in your license field on addons.reinos.nl/profile/licenses or the module will not work on a live site. Also make sure you have read the license section in the documentation

2.0.0 (04-12-2017)

1.1.1 (01-11-2017)

1.1.0 (25-07-2017)

1.0.2 (02-03-2017)

1.0.1 (30-09-2016)

1.0.0 (08-09-2016)