0

I want to do OpenID Connect 1.0 authentication for frontend users on my site.

In order to do so, I've developed an authentication service (as described in the docs). Within this service I'd like to access TypoScript configuration values to fetch the OpenID configuration (.well-known-URL, client ID and secret).

To do so, I simply inject TYPO3\CMS\Extbase\Configuration\ConfigurationManagerInterface into the authentication service - but this class only wraps the real configuration manager, which in this case is an instance of TYPO3\CMS\Extbase\Configuration\BackendConfigurationManager - although I am in frontend context. This also affects other places; for example, TYPO3 is not able to get the correct plugin configuration (because it is not present in the backend).

I've tracked this down to TYPO3\CMS\Extbase\Configuration\ConfigurationManager::initializeConcreteConfigurationManager, where the existence of $GLOBALS['TYPO3_REQUEST'] is checked - if it does not exist, the BackendConfigurationManager is used as fallback.

So my question: How do I correctly fetch TypoScript configuration within a TYPO3 authentication service?

1
  • Just a question: Why TypoScript and not in the extension configuration? TypoScript can be configured for different pages differently (which you do not want I assume) whereas the extension configuration is applied for the whole installation. Commented Dec 30, 2022 at 17:21

1 Answer

3

As already written by Chris, TypoScript is not initialized at this time, and I also don't suggest doing so yourself.

Your options are:

  • Use the extension configuration which is described here
  • Use the site settings which are described here

Which one you want to use depends on the use case. The extension configuration is global and even more low-level, as no site is used. If you need different settings for a multi-site installation, the site settings are the preferred choice.


1 Comment

Thanks - I've also discussed with Chris in Slack and there is one more viable alternative: Environment variables. But for this specific use case, I may need to create new users on the fly - and to do so, I need the user storage page and the user groups. And those should really be configured in the database. My way to work around this is to have a startAuthAction which redirects to the IdP, then it comes back to a verifyAction which checks the received response and takes action, and a proceedAction which gets the username (secured with HMAC) as a parameter and logs the user in.
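
The HMAC-protected username hand-off from verifyAction to proceedAction mentioned in the comment above, as an added example that is not the commenter's code. It is plain PHP; the secret, the function names, the token layout (hex username, expiry, MAC) and the 60-second lifetime are assumptions made for illustration, the lifetime being there so a captured parameter cannot be replayed indefinitely.

```php
<?php
declare(strict_types=1);

// Constructed secret for this example only (assumption); a real service
// would load it from protected configuration, never from source code.
const EXAMPLE_SECRET = 'constructed-example-secret-do-not-reuse';

/** Build the signed parameter that verifyAction passes to proceedAction. */
function signUsername(string $username, int $now, int $ttl = 60): string
{
    // Hex-encode the username so the '.' separators stay unambiguous.
    $payload = bin2hex($username) . '.' . ($now + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, EXAMPLE_SECRET);
}

/** Return the username if the token is authentic and unexpired, else null. */
function verifyUsername(string $token, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$userHex, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $userHex . '.' . $expires, EXAMPLE_SECRET);
    // Check the MAC first, in constant time, before trusting any field.
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    // The expiry is covered by the MAC, so it cannot be extended by the client.
    if (!ctype_digit($expires) || (int)$expires < $now) {
        return null;
    }
    $username = hex2bin($userHex);
    return $username === false ? null : $username;
}

$now = time();
$token = signUsername('alice@example.org', $now);   // constructed sample user
var_dump(verifyUsername($token, $now));              // fresh, untouched token
var_dump(verifyUsername($token . '0', $now));        // MAC altered in transit
var_dump(verifyUsername($token, $now + 3600));       // presented after expiry
```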
