OAuth2 and LDAP Login Plugins

It's taken a while to get here, but worth the wait...

2 mins

With recent improvements to Grav core, as well as the release of the version 2 of Grav's core Login plugin, we've made the login plugin much more extensible via a series of login events. After several weeks in development, and some private beta testing under their belt, Trilby Media is pleased to announce the release of two very important plugins...

OAuth2 Login Plugin

The first is the login-oauth2 plugin which is a complete rewrite and refactor of the prior login-oauth plugin, and now is much more powerful, more flexible, and even extensible itself. This plugin allows the ability to easily login to Grav with a 3rd party OAuth2 provider.

Out of the box, the plugin supports GitHub, Instagram, Facebook, Google, and LinkedIn OAuth2 providers.

This plugin is quite flexible, and allows you to have full control over how your OAuth2 Providers are configured. You can enable them individually and set scope to control the data you want returned and stored. This plugin is built utitlizing the The League OAuth2 Client and this allows for easy extension of the core OAuth2 plugin with a variety of third-party providers, or you can even create your own plugin extending the OAuth2 plugin itself. Trilby Media has already built a proof of concept plugin for Slack OAuth2 provider, and they plan on releasing this soon to showcase how simple it is to create your own provider plugins.

LDAP Plugin

Probably the most highly request authentication plugin has been for LDAP. LDAP (Lightweight Directory Access Protocol) is widely used in businesses of all sizes to house information such as logins and accounts. Trilby Media developed an LDAP login plugin (with development sponsorship) that utilizes the new login events built in to the login plugin. However, it even goes a step further and allows powerful mapping of LDAP user and group attributes to provide the ability to automatically define Grav access based on LDAP group membership. When used in conjunction of the latest Grav Admin v1.8.0 release, this allows you to define a configuration that lets specific LDAP group members to access the Grav admin without any local account.

Once installed and configured, the LDAP plugin authentication is transparent to the user, if a user is not authenticated via LDAP, Grav will try local accounts, so as long as you keep a local acocunt handy you will always have access to Grav even if your LDAP provider is unavailable.

This is some powerful stuff, and really takes Grav to the next level!