Monday, 20 April 2026

#2 SSO

Advanced SSO using OAuth 2.0 (PHP)

πŸ” Advanced SSO using OAuth 2.0 with PHP

πŸ“˜ What is OAuth 2.0?

OAuth 2.0 is a secure authorization framework that allows users to login using external providers like Google without sharing passwords.

⚙️ OAuth Flow

User → Redirect to Provider → Login → Authorization Code → Token → User Info → Login

📦 Install Google Client Library

composer require google/apiclient

🔑 Step 1: Create OAuth Client

  • Go to Google Cloud Console
  • Create project
  • Enable OAuth
  • Get Client ID & Secret

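💻 Step 2: Login Redirect Code

<?php
require 'vendor/autoload.php';
session_start();
$client = new Google_Client();
$client->setClientId('YOUR_CLIENT_ID');
$client->setClientSecret('YOUR_CLIENT_SECRET');
$client->setRedirectUri('http://localhost/callback.php');
$client->addScope("email");
$client->addScope("profile");

// Bind this login attempt to the browser session; callback.php compares the value (CSRF protection).
$_SESSION['oauth_state'] = bin2hex(random_bytes(16));
$client->setState($_SESSION['oauth_state']);

// Escape the URL before placing it in an HTML attribute.
echo "<a href='".htmlspecialchars($client->createAuthUrl(), ENT_QUOTES)."'>Login with Google</a>";

🔄 Step 3: Callback Handling

<?php
require 'vendor/autoload.php';
session_start();
$client = new Google_Client();
$client->setClientId('YOUR_CLIENT_ID');
$client->setClientSecret('YOUR_CLIENT_SECRET');
$client->setRedirectUri('http://localhost/callback.php');

// Reject callbacks without a code, or whose state differs from the one issued in Step 2.
$state = $_SESSION['oauth_state'] ?? '';
unset($_SESSION['oauth_state']);
$ok = isset($_GET['code'], $_GET['state']) && is_string($_GET['code']) && is_string($_GET['state']);
if (!$ok || $state === '' || !hash_equals($state, $_GET['state'])) exit('Invalid OAuth response');

$token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
// On failure the library returns an array with an 'error' key instead of a token.
if (isset($token['error'])) exit('Login failed');
$client->setAccessToken($token);

$oauth = new Google_Service_Oauth2($client);
$user = $oauth->userinfo->get();

echo "Welcome ".htmlspecialchars($user->email, ENT_QUOTES);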

🔗 Step 4: WordPress Integration

After login, pass the user's email to WordPress and log the user in automatically using a custom plugin.

🔒 Security Features

  • Token-based authentication
  • No password sharing
  • Secure redirect
  • Access control via scopes

🎓 MCQs

  • OAuth is used for authorization
  • Access token is temporary
  • Client ID identifies application

#1 SSO

SSO WordPress Plugin Tutorial

πŸ” WordPress SSO Plugin using PHP (JWT)

πŸ“¦ Plugin Structure

wp-content/plugins/simple-sso/
├── simple-sso.php
├── vendor/

🧾 Plugin Code

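<?php
/* Plugin Name: Simple SSO Login */
require_once __DIR__ . '/vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
add_action('init','simple_sso_login');
function simple_sso_login(){
 if(!isset($_GET['sso_token']) || !is_string($_GET['sso_token'])) return;
 $token = $_GET['sso_token'];
 // Placeholder value: must match the token generator's key. Use a long random key and keep it out of source code.
 $secret_key = "my_super_secret_key";
 try{
  // Key pins the algorithm to HS256; decode() verifies the signature and the exp claim.
  $decoded = JWT::decode($token,new Key($secret_key,'HS256'));
  // Only accept a well-formed email claim.
  $email = (isset($decoded->email) && is_string($decoded->email)) ? $decoded->email : '';
  if(!is_email($email)) wp_die('Invalid token');
  $user = get_user_by('email',$email);
  if(!$user){
   // First login: create the account with a random password.
   $user_id = wp_create_user($email,wp_generate_password(),$email);
   if(is_wp_error($user_id)) wp_die('Could not create user');
   $user = get_user_by('id',$user_id);
  }
  wp_set_current_user($user->ID);
  wp_set_auth_cookie($user->ID);
  wp_safe_redirect(home_url());
  exit;
 }catch(Exception $e){
  wp_die('Invalid token');
 }
}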

📥 Install JWT Library

composer require firebase/php-jwt

🔑 Token Generator

<?php
require 'vendor/autoload.php';
use Firebase\JWT\JWT;
// Placeholder value: must match the key in the plugin.
$secret_key = "my_super_secret_key";
$payload = [
 "email" => "student@gmail.com",
 "iat" => time(),
 "exp" => time()+300 // token expires after 5 minutes
];
$jwt = JWT::encode($payload,$secret_key,'HS256');
header("Location: https://yourwpsite.com/?sso_token=".$jwt);
exit;

🔄 Flow

User Login → Generate Token → Redirect → WordPress Verify → Login

🔒 Security Tips

  • Use HTTPS
  • Short expiry (5 min)
  • Protect secret key

🎓 MCQs

  • JWT stands for JSON Web Token
  • SSO means one login multiple systems

#0 SSO

SSO using PHP - Tutorial

πŸ” Single Sign-On (SSO) using PHP

πŸ“˜ What is SSO?

Single Sign-On (SSO) allows users to login once and access multiple systems without logging again.

⚙️ How SSO Works

  • User logs into main system
  • JWT token is generated
  • User redirected to another system
  • Token verified
  • User logged in automatically

📦 Install JWT Library

composer require firebase/php-jwt

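🔑 Token Generation Code

<?php
require 'vendor/autoload.php';
use Firebase\JWT\JWT;
$payload = [
 "email" => "user@gmail.com",
 "iat" => time(),
 "exp" => time()+300 // token expires after 5 minutes
];
// "secret" is a placeholder; both systems must share the same key.
$jwt = JWT::encode($payload, "secret", 'HS256');
header("Location: app2.php?token=".$jwt);
exit;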

✅ Token Verification Code

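<?php
require 'vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
try {
 // decode() throws if the token is missing, malformed, expired or has a bad signature.
 $decoded = JWT::decode($_GET['token'] ?? '', new Key("secret", 'HS256'));
 echo "Welcome ".htmlspecialchars($decoded->email, ENT_QUOTES);
} catch (Throwable $e) {
 exit('Invalid token');
}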

🔄 Flow

Login → Token → Redirect → Verify → Access

🔒 Security Tips

  • Use HTTPS
  • Short token expiry
  • Keep secret key safe
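A token that carries only email, iat and exp is accepted by every system that shares the key and can be reused until it expires. The following added example (not part of the original tutorial) issues and verifies the token with issuer, audience and single-use checks; the URLs, key and in-memory `$seen` store are constructed for illustration, and it assumes firebase/php-jwt is installed.

```php
<?php
// Added example, not the tutorial's code. Issuer, audience and key are constructed values.
require 'vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

const SSO_ISSUER   = 'https://login.example.test'; // constructed value
const SSO_AUDIENCE = 'https://app2.example.test';  // constructed value

function issue_sso_token(string $email, string $key): string
{
    $now = time();
    return JWT::encode([
        'iss'   => SSO_ISSUER,
        'aud'   => SSO_AUDIENCE,              // token is only meant for this app
        'jti'   => bin2hex(random_bytes(16)), // unique ID so the token can be used once
        'iat'   => $now, 'exp' => $now + 300,
        'email' => $email,
    ], $key, 'HS256');
}

// Returns the email on success, null on any failure. $seen holds the IDs of
// tokens already used (in production: a shared store with a 300 s TTL).
function verify_sso_token(string $jwt, string $key, array &$seen): ?string
{
    try {
        // Key pins the algorithm; decode() checks the signature and exp.
        $c = JWT::decode($jwt, new Key($key, 'HS256'));
    } catch (Throwable $e) {
        return null;
    }
    if (($c->iss ?? null) !== SSO_ISSUER || ($c->aud ?? null) !== SSO_AUDIENCE) {
        return null; // minted by or for a different system
    }
    if (!isset($c->jti) || !is_string($c->jti) || isset($seen[$c->jti])) {
        return null; // missing ID or replayed token
    }
    if (!isset($c->email) || filter_var($c->email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // no usable email claim
    }
    $seen[$c->jti] = true; // burn the token
    return $c->email;
}

$key  = random_bytes(32); // constructed key; load the real one from outside the web root
$seen = [];
$jwt  = issue_sso_token('user@example.test', $key);
var_dump(verify_sso_token($jwt, $key, $seen)); // first use of the token
var_dump(verify_sso_token($jwt, $key, $seen)); // same token presented again
```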

🎓 MCQs

  • JWT stands for JSON Web Token
  • SSO means single login multiple access
  • Token expiry improves security
