Generic OAuth2 Authentication and Authorisation for TYPO3
Background: Rights management in TYPO3 CMS
We have used the new oauth2 extension to create an innovative solution for cross-system user management. The installation of the oauth2 extension means that there is no longer a need for our employees to rotate passwords in client installations.
Rights management is quite a challenge in the TYPO3 environment. Most clients have different groups of employees, all of whom need to have different access rights in the backend. Our developers must also be able to access the backend – usually they need administrator rights to configure extensions, troubleshoot, or – generally – maintain the installation. Add development systems to the mix and the whole thing quickly becomes complex and very costly to manage.
Our solution: OAuth2 Authentication and Authorisation
Our TYPO3 developers took the opportunity to create a generic OAuth 2.0 connection to the TYPO3 backend at the TYPO3 Developer Days in 2018. As a first step, we integrated GitLab, mainly to meet our own needs. However, the extension is designed in such a way that other OAuth 2.0-compatible services can also be connected.
Once the extension is installed and configured, a "Login with GitLab" option appears alongside the familiar username and password login. Clicking it leads to GitLab, where the developer is usually already registered. After a one-off activation in GitLab, which gives the extension access to the information in GitLab, the developer is returned to TYPO3 and is logged in directly.
On subsequent logins, the user no longer even sees GitLab and goes directly to the TYPO3 backend.