strapi-plugin-sso
Plug-in for single sign-on with Strapi!
<div align="center">
<img src="https://github.com/yasudacloud/strapi-plugin-sso/blob/main/docs/strapi-plugin-sso.png?raw=true" width="180"/>
</div>
This plugin can provide single sign-on.
You will be able to log in to the administration screen using one of the following providers:
- Google
- Cognito
- Azure
- OIDC
Currently supports Cognito user pool, Google accounts and OIDC.
Please read the [documents](
**This plugin is developed by one engineer.**
**If possible, consider using the Gold Plan features.**
```shell
yarn add strapi-plugin-sso
```
or
```shell
npm i strapi-plugin-sso
```
- Strapi Version 4
- **strapi-plugin-sso**
- Google Account or AWS Cognito UserPool or an OIDC provider
```javascript
// config/plugins.js
module.exports = ({env}) => ({
  'strapi-plugin-sso': {
    enabled: true,
    config: {
      // Stores the token in session storage if false, or in local storage if true
      REMEMBER_ME: false,

      // Google
      GOOGLE_OAUTH_CLIENT_ID: '[Client ID created in GCP]',
      GOOGLE_OAUTH_CLIENT_SECRET: '[Client Secret created in GCP]',
      GOOGLE_OAUTH_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/google/callback', // URI after successful login
      GOOGLE_ALIAS: '', // Gmail Aliases
      GOOGLE_GSUITE_HD: '', // G Suite Primary Domain

      // Cognito
      COGNITO_OAUTH_CLIENT_ID: '[Client ID created in AWS Cognito]',
      COGNITO_OAUTH_CLIENT_SECRET: '[Client Secret created in AWS Cognito]',
      COGNITO_OAUTH_DOMAIN: '[OAuth Domain created in AWS Cognito]',
      COGNITO_OAUTH_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/cognito/callback', // URI after successful login
      COGNITO_OAUTH_REGION: 'ap-northeast-1', // AWS Cognito Region
      COGNITO_USER_GROUP: '[User Group Name in AWS Cognito]', // If specified, only users belonging to this user group may authenticate.

      // AzureAD
      AZUREAD_OAUTH_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/azuread/callback',
      AZUREAD_TENANT_ID: '[Tenant ID created in AzureAD]',
      AZUREAD_OAUTH_CLIENT_ID: '[Client ID created in AzureAD]', // [Application (client) ID]
      AZUREAD_OAUTH_CLIENT_SECRET: '[Client Secret created in AzureAD]',
      AZUREAD_SCOPE: 'user.read', // https://learn.microsoft.com/en-us/graph/permissions-reference

      // OpenID Connect
      OIDC_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/oidc/callback', // URI after successful login
      OIDC_CLIENT_ID: '[Client ID from OpenID Provider]',
      OIDC_CLIENT_SECRET: '[Client Secret from OpenID Provider]',
      OIDC_SCOPES: 'openid profile email', // https://oauth.net/2/scope/
      // API Endpoints required for OIDC
      OIDC_AUTHORIZATION_ENDPOINT: '[API Endpoint]',
      OIDC_TOKEN_ENDPOINT: '[API Endpoint]',
      OIDC_USER_INFO_ENDPOINT: '[API Endpoint]',
      OIDC_USER_INFO_ENDPOINT_WITH_AUTH_HEADER: false,
      OIDC_GRANT_TYPE: 'authorization_code', // https://oauth.net/2/grant-types/
      // Customizable username arguments
      OIDC_FAMILY_NAME_FIELD: 'family_name',
      OIDC_GIVEN_NAME_FIELD: 'given_name',
    }
  }
})
```
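The configuration above ships with `http://localhost` callbacks and bracketed placeholders, so it is worth checking the resolved values before a production deploy. The following is an added example, not code from the plugin or its author: `auditSsoConfig`, its messages, and the sample hostnames are hypothetical, and only the key names come from this README.

```javascript
// Added example (not plugin code): audit the 'strapi-plugin-sso' config before deployment.
// Key names come from the README above; the checks and messages are assumptions.
const PLACEHOLDER = /^\[.*\]$/; // README placeholders, e.g. '[Client ID created in GCP]'
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

function auditSsoConfig(config) {
  const findings = [];
  const add = (key, issue) => findings.push({ key, issue });

  for (const [key, value] of Object.entries(config)) {
    if (typeof value !== 'string' || value === '') continue;
    if (PLACEHOLDER.test(value)) {
      add(key, 'placeholder value left in place');
      continue;
    }
    if (/(_REDIRECT_URI|_ENDPOINT)$/.test(key)) {
      let url;
      try { url = new URL(value); } catch { add(key, 'not a valid URL'); continue; }
      // Plain http is acceptable only for local development callbacks.
      if (url.protocol !== 'https:' && !LOCAL_HOSTS.has(url.hostname)) {
        add(key, 'non-local URL should use https');
      }
    }
  }
  // README: REMEMBER_ME true stores the token in local storage instead of session storage.
  if (config.REMEMBER_ME === true) {
    add('REMEMBER_ME', 'token persists in local storage after the browser closes');
  }
  // README: the Cognito group restriction applies only if COGNITO_USER_GROUP is specified.
  const cognitoId = config.COGNITO_OAUTH_CLIENT_ID;
  if (cognitoId && !PLACEHOLDER.test(cognitoId) && !config.COGNITO_USER_GROUP) {
    add('COGNITO_USER_GROUP', 'Cognito is configured without a user group restriction');
  }
  return findings;
}

// Constructed sample config (hostnames and IDs are made up for illustration).
const sampleConfig = {
  REMEMBER_ME: true,
  GOOGLE_OAUTH_CLIENT_ID: '[Client ID created in GCP]',
  COGNITO_OAUTH_CLIENT_ID: 'constructed-client-id',
  COGNITO_OAUTH_REDIRECT_URI: 'http://cms.example.com/strapi-plugin-sso/cognito/callback',
  COGNITO_USER_GROUP: '',
  OIDC_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/oidc/callback',
  OIDC_TOKEN_ENDPOINT: 'https://idp.example.com/token',
};

for (const f of auditSsoConfig(sampleConfig)) console.log(`${f.key}: ${f.issue}`);
```

Pass it the object under `config` once environment variables are resolved, and fail the deploy step if any findings come back.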
- ✅ NodeJS >=16.0.0 <21.0.0
- Strapi 4.1.7 or higher
- [docs/en/google/setup.md](https://github.com/yasudacloud/strapi-plugin-sso/blob/main/docs/en/google/setup.md)
- [docs/en/google/admin.md](https://github.com/yasudacloud/strapi-plugin-sso/blob/main/docs/en/google/admin.md)
- [docs/en/cognito/setup.md](https://github.com/yasudacloud/strapi-plugin-sso/blob/main/docs/en/cognito/setup.md)
- [docs/en/azuread/setup.md](https://github.com/yasudacloud/strapi-plugin-sso/blob/main/docs/en/azuread/setup.md)
- [docs/en/oidc/setup.md](https://github.com/yasudacloud/strapi-plugin-sso/blob/main/docs/en/oidc/setup.md)
- [docs/README.md](https://github.com/yasudacloud/strapi-plugin-sso/blob/main/docs/README.md)
- [docs/ja/google/setup.md](https://github.com/yasudacloud/strapi-plugin-sso/blob/main/docs/ja/google/setup.md)
- [docs/ja/google/admin.md](https://github.com/yasudacloud/strapi-plugin-sso/blob/main/docs/ja/google/admin.md)
- [docs/ja/cognito/setup.md](https://github.com/yasudacloud/strapi-plugin-sso/blob/main/docs/ja/cognito/setup.md)
- [docs/ja/cognito/admin.md](https://github.com/yasudacloud/strapi-plugin-sso/blob/main/docs/ja/cognito/admin.md)
TODO AzureAD Single Sign On Setup
TODO OIDC Single Sign On Setup
