WHMCS Based Login for WordPress

 This is to share the experience of a cool project I completed recently.

It is perfect integration to have users login to WordPress site, a web hosting solution, using WHMCS being a Web Hosting Billing & Automation Platform. We have a plan to extend this further to other web hosting solutions in use. For this particular integration we have two requirements.

  • Users in WHMCS should be able to seamlessly login to Wordpress to manage it.
  • If the user authenticated at WHMCS is already present in WordPress link them, else create a new user with the details received from WHMCS.

We have the well known standard protocols used for similar scenarios based on SAML 2.0 (http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html) and OpenIDConnect 1.0 (https://openid.net/connect/). Based on the future direction, wide usage and availability of plugins we selected OIDC(OpenID Connect) to go forward. There were whole lot of plugins available for us in this journey to select on.

Below is the flow in brief.

  • User clicks on ‘Login with WHMCS’ option we configured in the WordPress login as below.
Login Options
  • User is redirected to WHMCS. Technically an authorization code based OIDC flow is initiated, requesting the scopes of openid, profile and email.
  • User enter credentials at WHMCS site, provide any required consents. Upon successful authentication user is redirected back to a “callback_url” we have in WordPress site along with an authorization code.
  • Underneath we exchange this is an access token, which provides us with an IDToken as well, will user details. In the WHCMS case, they only gave ‘sub’ claim specific to user within this IDtoken.
  • Just IDtoken is not giving us enough information. So to retrieve more information we make another /userinfo call as per the OpenIDConnect specification, which gives us more information from WHMCS given an authorized token as below.
{
 “email”: “kladrock@kladrock.com”,
 “email_verified”: false,
 “name”: "KladRock",
 “family_name”: “Rock”,
 “given_name”: “KladRock”,
 “preferred_username”: “kladrock”,
 “locale”: “en-GB”,
 “update_at”: “2020–07–18 17:14:33”,
 “sub”: “xxxx-xxx-x-xxxx-xxxx”
}

Yeah! Now we have enough information populate this user at WordPress side if needed or link to an existing user. Expect more as we expand this solution.

Below are some memos from the journey. :)

Configuring WHMCS with Wordpress as an OIDC client(service provider)
Whole lot of plugins we have for SSO

Hint for my friends: You will see a lot of Miniorange plugins there. It’s good to start with, but moving forward they limit the functionality to upgrade to premium such as role-mapping is not available in free version, only 10 users will be provisioned etc. Unless you are ready to spend that, there are fully open source solutions. Read their limitations if possible and see if it fits you beforehand.

Reach out me at https://www.fiverr.com/kladrock for any projects/consultancy.

Comments

Post a Comment

Popular posts from this blog

Sign into Dokuwiki with Google

Image
Dokuwiki(https://www.dokuwiki.org/dokuwiki) is a nice and helpful gift by the opensource community. Being a favor of administrators for ease maintenance and integration options, it caters the needs of a content management system or as a corporate or a personal note keeper. In this post I am sharing an approach we followed to keep this simplicity as it is, while making it available for an existing Google user-base via Single Sign On capabilities. We made use of the extend-ability of Dokuwiki via plugins and OAuth 2.0 protocol based integration provided by Google for this purpose. Let's look at the flow and then how this was configured.   Flow As in the diagram, when the user comes to the Dokuwiki login page, we want to show them the option of login via Google. With this feature available, if they are already logged into Google, they will be automatically logged into Dokuwiki with Single Sign On in action. If not, they will go through the Google login procedure at Google site, as usu...
Read more

Single Sign On Integrations - Intro

Image
Single Sign on(SSO) is everywhere and provides lot of convenience to users. Let me give you few more examples. Have you noticed that when we are logged into our Gmail account and go to Youtube within the same browser, we are automatically logged into Youtube without any further requests for user credentials or authentication.  In today's cooperate world with COVID-19 impact, employees and partners heavily use cooperate applications such as Zoom, Salesforce, Jira in working from home efforts. Authenticating once and letting them securely use all these cooperate applications in another productive use of Single Sign On. In the Education sector also, COVID-19 impact has made the students and teachers to heavily depend on online tools. At such occasion also Single Sign On integration among these educational applications such as Moodle, Office365, Yammer etc, provide lot of convenience. User convenience is not the only benefit of Single Sign on though. It provides a lot more convenience ...
Read more

What is an API Gateway?

Image
API Gateways have become a critical component in the current Microservices based architectures, providing common functionalities required by APIs such as routing, API authentication, access control, rate limiting, billing, capturing analytics, monitoring and providing much needed decoupling between a client and the backend services. To understand further onto what an API gateway is, it is best to start from how it has evolved to exist. There are two clearly identifiable categories of API gateways in the market; Reverse proxy products that revolved into becoming API gateways, adding features to the core product eg. Nginx API Manager vendors who broke their monolithic application into microservices which let one of those to be API gateway. Starting from the first category is best to understand the initial requirements. Reverse proxies were already in the market, addressing the need of hiding the internal details of a system and providing an abstract interface for the external parties, i...
Read more