nks-hub/nette-sso
=================

Nette extension for SSO authentication via OAuth2/OpenID Connect (Authentik)

v1.1.0, MIT license, PHP >=8.1 <8.5

[Source](https://github.com/nks-hub/nette-sso) | [Packagist](https://packagist.org/packages/nks-hub/nette-sso)

NKS Hub - Nette SSO Extension
=============================

Nette DI extension for Single Sign-On authentication via OAuth2/OpenID Connect (Authentik).

Features
--------

- ✅ **OAuth2/OpenID Connect** authentication flow
- ✅ **CSRF protection** with state token validation
- ✅ **Role mapping** from OAuth2 groups to Nette roles
- ✅ **Admin access control** based on configurable groups
- ✅ **Nette Security integration** with SimpleIdentity
- ✅ **Session-based state management** for secure authentication
- ✅ **PHP 8.1+ support** (8.1, 8.2, 8.3, 8.4)
- ✅ **Type-safe** with strict types and comprehensive PHPDoc

Requirements
------------

- PHP 8.1 or higher
- Nette Framework 3.0+
- league/oauth2-client 2.7+

Installation
------------

Install via Composer:

```
composer require nks-hub/nette-sso
```

Configuration
-------------

Register the extension in your Nette configuration file:

```
extensions:
    sso: NksHub\NetteSso\DI\SsoExtension

sso:
    clientId: 'your-client-id'
    clientSecret: 'your-client-secret'
    redirectUri: 'https://your-domain.com/auth/callback'
    authorizeUrl: 'https://sso.nks-hub.cz/application/o/authorize/'
    tokenUrl: 'https://sso.nks-hub.cz/application/o/token/'
    userinfoUrl: 'https://sso.nks-hub.cz/application/o/userinfo/'
    adminGroups: ['admin', 'superadmin', 'moderator']  # optional
```

### Configuration Parameters

| Parameter | Required | Type | Description |
|---|---|---|---|
| `clientId` | ✅ Yes | string | OAuth2 client ID from your SSO provider |
| `clientSecret` | ✅ Yes | string | OAuth2 client secret |
| `redirectUri` | ✅ Yes | string | Callback URL after authentication (must be registered in SSO) |
| `authorizeUrl` | ✅ Yes | string | OAuth2 authorization endpoint URL |
| `tokenUrl` | ✅ Yes | string | OAuth2 token endpoint URL |
| `userinfoUrl` | ✅ Yes | string | OAuth2 user info endpoint URL |
| `adminGroups` | ❌ No | string[] | List of groups that grant admin access (default: see below) |

**Default admin groups:**

- `admin`
- `superadmin`
- `administrators`
- `moderator`
- `superadmin-webs`
- `authentik admins`
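
The state-token check listed under Features and the `adminGroups` decision configured above, sketched as an added example that is not the extension's own code. The function names, the `oauth2state` session key, the `groups` claim name, the `user`/`admin` role names and the exact-match comparison are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; not code from nks-hub/nette-sso. All names are hypothetical.

/** Create a state token before redirecting to authorizeUrl and keep it in the session. */
function issueState(array &$session): string
{
    return $session['oauth2state'] = bin2hex(random_bytes(32));
}

/** Check the state returned to redirectUri. The stored token is consumed on every attempt. */
function consumeState(array &$session, mixed $returned): bool
{
    $expected = $session['oauth2state'] ?? null;
    unset($session['oauth2state']); // single use: a replayed callback fails
    return is_string($expected) && is_string($returned)
        && hash_equals($expected, $returned); // constant-time comparison
}

/** Derive roles from the userinfo response (assumed to carry a "groups" array). */
function rolesFor(array $userinfo, array $adminGroups): array
{
    $raw = $userinfo['groups'] ?? [];
    $groups = is_array($raw) ? array_filter($raw, 'is_string') : [];
    // Exact, case-sensitive matching is this example's choice.
    return array_intersect($groups, $adminGroups) ? ['user', 'admin'] : ['user'];
}

// Constructed sample data; no network access is needed.
$session = [];
$state = issueState($session);
printf("first callback accepted: %s\n", var_export(consumeState($session, $state), true));
printf("replayed callback accepted: %s\n", var_export(consumeState($session, $state), true));
printf("missing state accepted: %s\n", var_export(consumeState($session, null), true));

$adminGroups = ['admin', 'superadmin']; // explicit list instead of the defaults
foreach ([
    ['sub' => 'constructed-1', 'groups' => ['editors', 'superadmin']],
    ['sub' => 'constructed-2', 'groups' => ['moderator']],
    ['sub' => 'constructed-3'], // no groups claim at all
] as $userinfo) {
    printf("%s => %s\n", $userinfo['sub'], implode(',', rolesFor($userinfo, $adminGroups)));
}
```

The sample passes an explicit `adminGroups` list, so membership in `moderator` alone does not yield the admin role; the default list above includes `moderator`.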

### Environment Variables

It's recommended to use environment variables for sensitive data:

```
sso:
    clientId: %env.SSO_CLIENT_ID%
    clientSecret: %env.SSO_CLIENT_SECRET%
    redirectUri: %env.SSO_REDIRECT_URI%
    authorizeUrl: %env.SSO_AUTHORIZE_URL%
    tokenUrl: %env.SSO_TOKEN_URL%
    userinfoUrl: %env.SSO_USERINFO_URL%
```

Usage
-----

### Basic Authentication Flow

Create an authentication presenter:

```
