Social Sign On

Introduction

Social Sign On module will add the possibilty to login in to you ExpressionEngine site via your favorite Social Media site. (MSM Ready)

currently supported

Documentation versions

Installation

Prerequisites

Make sure your system meets the minimum requirements:

Installation Instructions

Update instructions

License

For every paid addon you need to validate your license in order to activate the module.

On a local environment, like *.dev *.local *.localhost *.test the license is valid for testing and building a new or existing sites. For every other domain, you need to have a valid license.

Process of validating

Once installed, you will asked to enter your license key. When you entered a valid license you can hit the "Save license" button. This will start validating your license and will redirect you to addons.reinos.nl to login into your account. You can also register a new account in this process.

Control panel overview

Once logged in, you are asked to use your current account or to login with another one.

Control panel overview

Using the current logged in account, the server will check all info related to your license and once valid, it will redirect you back to your site where you see either a success message or an error message.

Control panel overview

License field

This module is using a license field to check if the license for the module is valid or not. On addons.reinos.nl you can check your license and add your valid domains.

Control panel overview

In the Module CP you can enter then your license Control panel overview

When you enter a wrong license, the module will not work and it shows you an warning Control panel overview

Invalid license

Sometimes it happens that the license system says you have an invalid license. When this happens, make sure you have entered your domain url in your account, next to your license on addons.reinos.nl.

If this will not fix your license problem, please contact us on https://addons.reinos.nl/support

How it works

As already know the SSO module will allow users to login on your site via a social provider. Below a couple of cases how the module will handle the login and what it will do.

The Login process

  1. The user clicks on of the social provider that are enabled.
  2. The user will redirect to the social provider and will be asked for his login.
  3. When the user enters the correct credentials, the user will be redirect to the EE site
  4. On the main EE site, the SSO module will check if the user exists.
  5. If the user does not exists:
    1. if member registration has been disabled.
      1. an error will be showed
    2. if member registration has been enabled.
      1. there will be a new member profile created for the user
      2. and a connect link will be made between the social provider and the EE site.
  6. If the user exists
    1. if the setting "Allow social login to merge with non social accounts" is set to no there will be shown an error on the screen and the user will be asked to enter a new email address.
    2. if the setting "Allow social login to merge with non social accounts" is set to yes the user will be logged in on the account that already exists on the EE site.
    3. if the user has an account, that is connected to a social provider, it will always login on the existing account.

CP Overview

On the CP page you can modify a couple of things.

Default settings

Provider settings

Also you can edit your settings per provider (social site) and per site there are different settings

Google

Name Description
Enabled Is the provider enabled or not
ID Your API ID
Secret Your API Secret
Scope For what data should be asked for permission Google Scopes

To get the API keys follow the following steps:

  1. Go to https://code.google.com/apis/console/ and create a new project.
  2. Go to API Access under API Project. After that click on Create an OAuth 2.0 client ID to create a new application.
  3. A pop-up named "Create Client ID" will appear, fill out any required fields such as the application name and description.
  4. Click on Next.
  5. On the popup set Application type to Web application and switch to advanced settings by clicking on (more options).
  6. Provide this URL as the Callback URL for your application: Callback url showed on the overview page

Facebook

Name Description
Enabled Is the provider enabled or not
ID Your API ID
Secret Your API Secret
Scope For what data should be asked for permission Facebook Scopes

To get the API keys follow the following steps:

  1. Go to https://developers.facebook.com/apps and create a new application by clicking "Create New App".
  2. Fill out any required fields such as the application name and description.
  3. Put your website domain in the Site Url field.

Twitter

Name Description
Enabled Is the provider enabled or not
ID Your API ID
Secret Your API Secret

To get the API keys follow the following steps:

  1. Go to https://dev.twitter.com/apps and create a new application.
  2. Fill out any required fields such as the application name and description.
  3. Put your website domain in the Website field.
  4. Provide this URL as the Callback URL for your application: Callback url showed on the overview page

LinkedIn

Name Description
Enabled Is the provider enabled or not
ID Your API ID
Secret Your API Secret

To get the API keys follow the following steps:

  1. Go to https://www.linkedin.com/secure/developer (or https://www.linkedin.com/secure/developer?newapp=) and create a new application.
  2. Fill out any required fields such as the application name and description.
  3. Copy the Callback URL from the SSO control panel into the OAuto 2.0 Authorized Redirect URL field.

Email template

To customise the email template, you can alter the template in the Template Manager -> System Templates -> Email and look for SSO.

Has Connected Providers Tag

With the has_connected_providers tag you can check if the user has any provider connected to his account.

The tag

{exp:reinos_sso:has_connected_providers}

Example

{exp:reinos_sso:has_connected_providers}
    The user has a provider connected
{/exp:reinos_sso:has_connected_providers}

Login Tag

With the login_links tag you can add the provider to your website

The tag

{exp:reinos_sso:login_links}

Tag Parameters

Below are the Tag Parameters. Those parameters can be used in the tag described above, Default to the current_url.

return

the return url where the user will be redirected after logged in

return=""

no_email_return

Give a return url for when the email is unavailable from the social channel. Default to the return param

no_email_return=""

new_member_return

the return url for when the user is new. Default to the return param

new_member_return=""

Variables

Below are the variables. Those variables can be used in the tag described above

The login link to a provider

{exp:reinos_sso:login_links}
    {provider_link}
{/exp:reinos_sso:login_links}

provider_name

The Provider name

{exp:reinos_sso:login_links}
    {provider_name}
{/exp:reinos_sso:login_links}

Login Tag

With the linked_providers tag you can connect multiple providers to your account

The tag

{exp:reinos_sso:linked_providers}

Tag Parameters

Below are the Tag Parameters. Those parameters can be used in the tag described above, Default to the current_url.

return

the return url where the user will be redirected after logged in

return=""

Variables

Below are the variables. Those variables can be used in the tag described above

The connect link to a provider

{exp:reinos_sso:linked_providers}
    {provider_connect_link}
{/exp:reinos_sso:linked_providers}

The disconnect link to a provider

{exp:reinos_sso:linked_providers}
    {provider_disconnect_link}
{/exp:reinos_sso:linked_providers}

provider_name

The Provider name

{exp:reinos_sso:linked_providers}
    {provider_name}
{/exp:reinos_sso:linked_providers}

provider_is_connected

Variable to check if a user is connected

{exp:reinos_sso:linked_providers}
    {if provider_is_connected}
        <a href="{provider_disconnect_link}">Disconnect from {provider_name}</a>
    {if:else}
        <a href="{provider_connect_link}">Link with {provider_name}</a>
    {/if}
{/exp:reinos_sso:linked_providers}

Error message tag

With the login_error tag you can print the login error on your screen

The tag

{exp:reinos_sso:login_error}

With the email_error tag you can print the email error on your screen (if you collect a email if needed)

The tag

{exp:reinos_sso:email_error}

Update password (not yet released)

When a user that has been logged in with the SSO module want to change their password, it will give the user an error about the current given password.or No matching hash algorithm. This because the SSO module will not copy your Social Provider password to EE (doh, we don't know that ofc! ;-) ).

Because we cannot control the way how a password is saved or updated, we need to take a different path.

By adding the tag {exp:reinos_sso:update_password} directly under the {exp:member:edit_profile} tag, we will bypass the current password for SSO users that did not set a password.

Hooks

sso_callback

(Added in v.3.0.0)
This hook is triggered when the user hits the callback url

if (ee()->extensions->active_hook('sso_callback') === TRUE)
{
   ee()->extensions->call('sso_callback');
}

sso_login

(Added in v.3.0.0) This hook is triggered when a user is logged in via a social provider

if (ee()->extensions->active_hook('sso_login') === TRUE)
{
   ee()->extensions->call('sso_login', $memberObject, $isNewUser);
}

sso_connect

(Added in v.3.0.0) This hook is triggered when a user connect an existing account to the current logged in account

if (ee()->extensions->active_hook('sso_connect') === TRUE)
{
   ee()->extensions->call('sso_connect', $providerName);
}

Changelog

5.4.0 (not yet released)

Added: Apple Maps Added: option to disable new member registration via the SSO module

5.3.1 (17-05-2022)

5.3.0 (23-04-2022)

5.2.1 (24-11-2021)

5.2.0 (18-11-2021)

5.1.1 (27-09-2021)

5.1.0 (13-04-2021)

5.0.1 (25-02-2021)

5.0.0 (29-12-2020)

4.0.2 (08-12-2020)

4.0.1 (31-03-2020)

4.0.0 (27-01-2020)

*Note: There is a change you will have to validate the license again

**Note: Because the module has been renamed with a prefix reinos_ there is an update path by simply add the new update to* your site and install it. By installing the module, you are disabling the old module that can be deleted afterward. Also note that you have to rename the module calls and hooks with a prefix reinos_

Also note that the module need to be installed twice, as the first installation will modify some files in order to safely migrate the module

See this article about the rename https://addons.reinos.nl/news/modules-renamed

3.1.0 (03-04-2019)

3.0.2 (18-03-2019)

3.0.1 (06-03-2019)

3.0.0 (19-02-2019)

2.3.0 (25-01-2019)

2.2.0 (19-12-2018)

2.1.1 (09-06-2018)

2.1.0 (25-04-2018)

*Note: you need to add your license key and license email from addons.reinos.nl in order to validate your license and add a valid domain url in your license field on addons.reinos.nl/profile/licenses or the module will not work on a live site. Also make sure you have read the license section in the documentation

2.0.0 (04-12-2017)

1.1.1 (01-11-2017)

1.1.0 (25-07-2017)

1.0.2 (02-03-2017)

1.0.1 (30-09-2016)

1.0.0 (08-09-2016)