
atwx/silverstripe-gate-client
=============================

A Silverstripe module to allow you to log into any of your Silverstripe sites from one place.

2.1(2mo ago)0395↓33.3%BSD-3-ClausePHPCI passing


[Source](https://github.com/atwx/silverstripe-gate-client) | [Packagist](https://packagist.org/packages/atwx/silverstripe-gate-client)


Silverstripe Gate Client
========================

A SilverStripe module that lets you log into a SilverStripe site from a centralized system using signed JWTs and then redirects you into the CMS.

In short: the module validates a signed JSON Web Token (JWT) passed via the URL. On successful validation a configured user (or the default admin) is automatically logged in and redirected to a configured destination URL.

Use the [Silverstripe Gate Manager](https://github.com/atwx/silverstripe-gate-manager) on your admin instance to do so.

Installation
------------

This package is intended to be installed via Composer. From your project root:

```
composer require atwx/silverstripe-gate-client
```

Configuration
-------------

Configure the module via SilverStripe YAML config. Important options:

```
Atwx\SilverGateClient\Services\TokenService:
  public_key: |
    -----BEGIN PUBLIC KEY-----
    ...
    -----END PUBLIC KEY-----

# Login as admin is default
Atwx\SilverGateClient\Services\LoginService:
  # Finds the current default admin or creates one if none exists
  login_as_default_admin: true
  #member_id: 1
  #member_email: xyz@example.com
```

Note: the key must be in PEM format. Tokens should be signed by the central system that issues them with the corresponding private key (for example RS256).

You can also use the `.env` file to configure the public key. Make sure to escape newlines using `\n`:

```
SILVERGATECLIENT_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----"
```

More advanced configuration:

```
Atwx\SilverGateClient\Services\TokenService:
  public_key: |
    -----BEGIN PUBLIC KEY-----
    ...
    -----END PUBLIC KEY-----
  # defaults to 60, specifies how old the token is allowed to be before it is invalidated
  token_max_age_seconds: 60

Atwx\SilverGateClient\Services\LoginService:
  member_id: 1
  login_dest: '/custom-url-after-login'
```
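
The freshness rule behind `token_max_age_seconds`, combined with an RS256 signature check against a PEM public key, sketched as an added example. It is not the module's own code: `verify_gate_token`, `sign_token` and the rule that rejects future-dated `iat` values are assumptions, and the key pair is generated on the spot.

```php
<?php
// Added example, not the module's code (PHP 8+, ext-openssl). Names and the zero-leeway iat rule are assumptions.

function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function b64url_decode(string $s): string
{
    $s = str_pad(strtr($s, '-_', '+/'), strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    return (string) base64_decode($s, true); // '' on malformed input
}

function verify_gate_token(string $jwt, string $publicKeyPem, int $maxAge, int $now): bool
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return false;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm; never let the token header choose it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        return false;
    }
    if (openssl_verify("$h.$p", b64url_decode($s), $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        return false;
    }
    $claims = json_decode(b64url_decode($p), true);
    $iat = is_array($claims) ? ($claims['iat'] ?? null) : null;
    // Reject a missing, non-integer, future-dated or stale iat.
    return is_int($iat) && $iat <= $now && ($now - $iat) <= $maxAge;
}

function sign_token(array $claims, OpenSSLAsymmetricKey $key): string
{
    $input = b64url_encode('{"typ":"JWT","alg":"RS256"}') . '.' . b64url_encode(json_encode($claims));
    openssl_sign($input, $sig, $key, OPENSSL_ALGO_SHA256);
    return $input . '.' . b64url_encode($sig);
}

// Constructed demo data: a throwaway 2048-bit key pair and four tokens.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pub = openssl_pkey_get_details($key)['key'];
$now = time();
foreach ([['iat' => $now - 5], ['iat' => $now - 61], ['iat' => $now + 30], ['sub' => 'x']] as $claims) {
    echo json_encode($claims), ' => ', var_export(verify_gate_token(sign_token($claims, $key), $pub, 60, $now), true), PHP_EOL;
}
```

A short maximum age only narrows the replay window; it depends on the issuing system and this site having synchronized clocks.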

Sudo Mode
---------

By default, SilverStripe's [Sudo Mode](https://docs.silverstripe.org/en/developer_guides/security/sudo_mode/) is not activated after a JWT login. This means users who access sudo-protected CMS areas (e.g. certain security settings) will be prompted for their password — which is not possible for SSO users.

You can opt in to automatically bypassing sudo mode for JWT-authenticated sessions:

**Via `.env`:**

```
SILVERGATECLIENT_DISABLE_SUDO_MODE=1
```

**Via YAML:**

```
Atwx\SilverGateClient\Services\LoginService:
  disable_sudo_mode: true
```

When enabled, a `jwt-authenticated` flag is set in the session after a successful JWT login. A `SudoModeExtension` on `SudoModeService` detects this flag and marks sudo mode as active for the duration of the session.

**Security considerations:**

- The feature is opt-in and disabled by default.
- The session flag is only set after JWT signature validation and a successful member login.
- The flag is cleared when the user logs out (session is destroyed).
- Unlike normal sudo mode (which times out after 45 minutes), the bypass is active for the entire session. This is intentional for SSO users who cannot enter a password.

Route / Endpoint
----------------

The module registers the route `/_silvergateclient` (see `_config/routes.yml`).

Primary endpoint:

- GET `/_silvergateclient/token/`

Example (as used in the tests):

```
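// Sign a token whose only claim is the issue time (iat)
$token = JWT::encode(['iat' => time()], $privateKey, 'RS256');
// Base64-encode the token, then URL-encode it for use in the URL
$b64 = urlencode(base64_encode($token));
// GET /_silvergateclient/token/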
```

### Health Score

40 (Fair): better than 88% of packages

- Maintenance: 86. Actively maintained with recent releases
- Popularity: 18. Limited adoption so far
- Community: 11. Small or concentrated contributor base
- Maturity: 37. Early-stage or recently created project
- Bus Factor: 1. Top contributor holds 66.7% of commits (single point of failure)

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~11 days
- Total: 4
- Last Release: 68d ago
- Major Versions: 1.x-dev → 2.1 (2026-03-11)

### Community

Maintainers

- [adiwidjaja](/maintainers/adiwidjaja)
- [Jan Metzger](/maintainers/Zazama) ([@Zazama](https://github.com/Zazama))
- [HenrikBormann](/maintainers/HenrikBormann)

---

Top Contributors

- [Zazama](https://github.com/Zazama) (6 commits)
- [HenrikBormann](https://github.com/HenrikBormann) (2 commits)
- [adiwidjaja](https://github.com/adiwidjaja) (1 commit)

---

Tags

silverstripe, cms, module, login, management, sites, silverstripe-gate, atwx

### Code Quality

- Tests: PHPUnit
- Code Style: PHP_CodeSniffer

### Alternatives

- [silverstripe/cms](/packages/silverstripe-cms): The SilverStripe Content Management System
- [axyr/silverstripe-adminlogin](/packages/axyr-silverstripe-adminlogin): Use a custom login screen to log in to the admin section
- [silverstripe/mfa](/packages/silverstripe-mfa): Enable multi-factor authentication with fallback codes
- [silverstripe/contentreview](/packages/silverstripe-contentreview): Flags pages for periodical author review (incl. reporting)
- [bigfork/silverstripe-oauth-login](/packages/bigfork-silverstripe-oauth-login): SilverStripe logins via OAuth2, using the PHP League's OAuth2 client
- [froog/silvergraph](/packages/froog-silvergraph): Generates data model visualisations from SilverStripe DataObjects, displaying database fields, relations and ancestry

