Oidc

OAuth 2.0 / OpenID Connect: Google, GitHub, LinkedIn, Microsoft, Yandex, Yahoo, and any OIDC-compatible provider.

Oidc adds lightweight OAuth 2.0 and OpenID Connect login to ProcessWire: social sign-in, company SSO, callback handling, auto-registration, silent mode and hookable identity flow.

Oidc

It is made for sites that need external authentication without a full account-management suite: client portals, intranets, member areas, editorial tools, SaaS dashboards and private ProcessWire projects.

Repository: github.com/mxmsmnv/Oidc
Author: Maxim Semenov
Website: smnv.org
Email: maxim@smnv.org

If this project helps your work, consider supporting future development: GitHub Sponsors or smnv.org/sponsor.

What Oidc Does


  • Adds OAuth 2.0 / OpenID Connect login buttons to ProcessWire templates.
  • Supports Google, GitHub, LinkedIn, Microsoft, Yandex and Yahoo out of the box.
  • Supports custom OIDC providers through discovery URLs.
  • Works with Okta, Auth0, Keycloak, authentik, Azure AD, Dex and similar providers.
  • Handles OAuth callbacks automatically on frontend pages.
  • Verifies OIDC id_token claims with nonce, issuer, audience, expiry and RS256/JWKS checks.
  • Falls back to UserInfo for providers that expose identity through API endpoints.
  • Links local users by stable provider identity (issuer + subject) instead of email-only matching.
  • Auto-registers new ProcessWire users or lets hooks take over registration.
  • Blocks superuser OIDC login by default and supports role allow-lists.
  • Preserves return URLs through the login flow.
  • Includes silent mode for SSO-only sites and intranets.
  • Provides hook points for identity resolution, login, registration and provider definitions.

Provider Setup


Oidc includes a provider table in the module settings. Fill the Client ID and Client Secret for any built-in provider to enable it.

For standard OpenID Connect providers, configure one custom provider with:

  • provider ID;
  • display name;
  • client ID;
  • client secret;
  • discovery URL.

The module reads the provider's /.well-known/openid-configuration document and uses the discovered authorization, token, UserInfo and JWKS endpoints.

Public Integration


Oidc is an autoload module. Any frontend page where ?oidc=<provider> appears in the URL is handled automatically before template output.

Render login buttons anywhere in a template:

$oidc = $modules->get('Oidc');
echo $oidc->renderButtons();

The page that renders the buttons is also the callback page. Register that URL in each provider's OAuth application settings.

Installation


  1. Copy the Oidc folder into /site/modules/.
  2. In ProcessWire Admin, refresh modules.
  3. Install Oidc.
  4. Open the module settings and configure the callback URL.
  5. Add one or more providers and render the login buttons in your template.

Documentation


See DOCUMENTATION.md for setup, configuration, provider notes, hooks and template integration examples.

See CHANGELOG.md for the release notes.

Author


Maxim Semenov
smnv.org
maxim@smnv.org

License


MIT

More modules by Maxim Semenov

  • Context

    Export ProcessWire site context for AI development (JSON + TOON formats)
  • Ichiban (SEO control center)

    Comprehensive SEO module: meta/OG/schema, audit, redirects, revisions, email reports.
  • WireWall

    Advanced traffic firewall with VPN/Proxy/Tor detection, rate limiting, and JS challenge
  • Dimensions

    Stores product dimensions (L×W×H) and weight with selectable units of measurement.
  • Ally (a11y)

    Self-hosted accessibility widget powered by Sienna (MIT). Adds font, contrast, language, and navigation tools to any page. No external CDN — the JS bundle is served from your own server.
  • Subscribe

    Newsletter subscription handler with lists, double opt-in, honeypot, rate limiting and unsubscribe link.
  • Squad

    AI integration for ProcessWire. Supports Anthropic, OpenAI, Google, xAI, and OpenRouter.
  • Plausible Analytics

    Plausible Analytics dashboard using Stats API v2 with page-edit widget, traffic trends chart, and geo/device tabs.
  • Robots.txt

    Manage robots.txt file through the admin UI with presets and visual editor.

All modules by Maxim Semenov

Install and use modules at your own risk. Always have a site and database backup before installing new modules.