Marketing Factory Digital GmbH
OAuth2 Authentication for the TYPO3 Backend

One login for all systems – no separate TYPO3 password required

Anyone working across multiple systems knows the problem: a separate password for every application, changed regularly, never the same. In the TYPO3 world, this affects editors, developers, and administrators alike.

The TYPO3 extension oauth2 solves this: users log into the TYPO3 backend via the OAuth2 provider they already use every day, with no separate TYPO3 password required. One login for all systems.

User management and group or role assignments can be handled directly in the provider. The configuration of groups and access rights within TYPO3 itself remains the responsibility of the administrator, but only needs to be set up once.

Our solution: Generic OAuth2 integration for TYPO3

The extension was originally developed at the TYPO3 Developer Days 2018 to meet our own needs. We use GitLab as our central source code management system and built the extension to allow our developers to log directly into the TYPO3 backend with it. It is fully generic and supports any OAuth2-compatible service without modifications to the source code. Common identity providers such as GitLab, GitHub, Google, Microsoft Azure AD, Keycloak, or self-hosted OAuth2 servers can all be configured flexibly. We are currently working internally on a Keycloak implementation as an additional provider.

Once installed, an additional login button for the configured OAuth2 service appears alongside the standard username and password login. Users who are already signed in to that service are taken directly to the TYPO3 backend after a one-time authorisation, with no password entry required.

This significantly reduces administrative overhead: access rights are managed centrally in the identity provider, and onboarding new staff or removing former users is handled in a single step.

Features of the oauth2 extension

The extension is open source and supports TYPO3 v13 and v14 (PHP 8.2). Older versions support TYPO3 from v11 onwards.

Authentication:

  • Backend login via any OAuth2-compatible service.
  • A GitLab provider is included out of the box and ready to configure.
  • Custom providers can be implemented easily via a well-defined interface.

User management:

  • Automatic creation of new backend users on first login.
  • Admin permissions and backend group memberships can be controlled via the OAuth2 service.

Open and extensible:

  • Open source, licensed under GPL-2.
  • Actively maintained and proven in production projects.
  • Free support via the GitHub issue tracker, commercial support available on request.

Link list TYPO3 extension "oauth2"

  • oauth2 – Extension download in the TYPO3 Extension Repository (TER)
  • oauth2 – Source code repository on GitHub
  • oauth2 – Issue tracker on GitHub
  • oauth2 – Official documentation at TYPO3
  • Blog post: Our little helpers: Automatic backend logins with OAuth 2.0
  • Blog post: Why we only use personalized accounts
  • Blog post: EXT:oauth2 available for TYPO3 v11 and PHP 8

Professional TYPO3 backend structures

Clean user management is the foundation for secure and efficient editorial workflows in TYPO3. The oauth2 extension is one building block, but the questions around permissions concepts, group structures, and onboarding processes go further than that.

We advise and support TYPO3 projects in designing and implementing the right backend structures, from access rights to integration with existing identity management systems.

In use at

We use oauth2 ourselves on marketing-factory.com and have integrated the extension in numerous client projects, including CPZ (bau-welt.de), SEGGER, Maxionwheels, pfm, and ha-group. With over 77,000 downloads in the TYPO3 Extension Repository, it is also being adopted by a growing number of TYPO3 projects worldwide.

FAQs

What does the TYPO3 extension oauth2 do?

The extension enables login to the TYPO3 backend via any OAuth2-compatible service. Instead of a separate TYPO3 password, users sign in with their existing credentials from the company’s central identity provider.

Which TYPO3 versions are supported?

The current version supports TYPO3 v13 and v14 (PHP 8.2). Older versions of the extension also support TYPO3 from v11 onwards. New features are only added to the current version. Installation is via Composer: composer require mfc/oauth2.

Is the extension free to use?

Yes. The extension is open source and released under the GPL-2 licence. Free support is available via the GitHub issue tracker, with commercial support available on request.

Which OAuth2 providers are supported?

The extension is fully generic and supports any OAuth2-compatible service. A GitLab provider is included out of the box and ready to configure. Additional providers such as GitHub, Google, Microsoft Azure AD, or Keycloak can be implemented easily via a well-defined interface.

Do backend users need to be created in TYPO3 in advance?

No. The extension can automatically create new backend users on their first login. This significantly simplifies onboarding.

Can permissions be managed via the OAuth2 service?

Yes. Certain OAuth2 providers can grant admin permissions and control backend group memberships. This means access rights are managed centrally in the identity provider and do not need to be maintained separately in TYPO3.

What happens when a staff member leaves the company?

Since login goes through the central identity provider, it is sufficient to deactivate the user there. Access to all connected systems, including TYPO3, is immediately revoked without having to adjust each system individually.

How do I implement a custom OAuth2 provider?

Custom providers can be implemented by extending the abstract class AbstractResourceServer. The extension provides a well-defined interface through which any OAuth2-compatible service can be connected.

Are there any special requirements for the TYPO3 configuration?

Yes. For the OAuth2 redirect mechanism, the SameSite setting of the TYPO3 backend cookie must be set to lax:

$GLOBALS['TYPO3_CONF_VARS']['BE']['cookieSameSite'] = 'lax';
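
Why the value matters, as an added example that is not part of the extension or its documentation: a simplified model of the browser's SameSite rule, applied to the return redirect from the OAuth2 provider and to a cross-site POST. Hostnames, paths and query values are constructed, and the site comparison is an assumption that reduces a host to its last two labels.

```javascript
// Simplified model of the browser's SameSite rule (added example).
// Assumption: a "site" is approximated by the last two host labels; real
// browsers use the Public Suffix List and also compare the scheme.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

function siteOf(url) {
  return new URL(url).hostname.split('.').slice(-2).join('.');
}

// Would the browser attach a cookie with this SameSite value to the request?
function cookieIsSent(sameSite, request) {
  if (siteOf(request.initiator) === siteOf(request.target)) return true;
  switch (sameSite.toLowerCase()) {
    case 'none':
      return true; // browsers additionally require the Secure attribute
    case 'lax':
      return request.topLevelNavigation && SAFE_METHODS.has(request.method);
    case 'strict':
      return false;
    default:
      throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// Constructed requests; hostnames, path and query values are placeholders.
const requests = {
  // Provider sends the user back to the backend with the authorisation code.
  oauthReturn: {
    initiator: 'https://idp.example.org/oauth/authorize',
    target: 'https://cms.example.com/typo3/?code=CODE&state=STATE',
    method: 'GET',
    topLevelNavigation: true,
  },
  // A form on a foreign site posting into the backend (the CSRF pattern).
  crossSitePost: {
    initiator: 'https://other.example.net/page',
    target: 'https://cms.example.com/typo3/',
    method: 'POST',
    topLevelNavigation: true,
  },
};

for (const policy of ['strict', 'lax']) {
  for (const [name, request] of Object.entries(requests)) {
    console.log(`${policy.padEnd(6)} ${name.padEnd(13)} cookie sent: ${cookieIsSent(policy, request)}`);
  }
}
```

Under strict the backend cookie is withheld on the return redirect, while lax sends it there and still withholds it from the cross-site POST.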

How can I contribute to the development of the extension?

The extension is available on GitHub. Feature requests and bug reports can be submitted via the issue tracker. Pull requests are very welcome. For commercial support, feel free to contact us directly.
