承接 magedevgroup/module-admin-sso-google 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

magedevgroup/module-admin-sso-google

Composer 安装命令:

composer require magedevgroup/module-admin-sso-google

包简介

Google Workspace provider plugin for Magento 2 admin SSO — supplies the Google OIDC preset (fixed discovery URL, scopes, hosted-domain restriction, branding) for the provider-agnostic admin-sso capability. Installs admin-sso (and sso-core) automatically.

README 文档

README

Google Workspace login for the Magento 2 admin panel.

License Magento PHP Version

A thin Google provider plugin for the provider-agnostic admin-sso capability. It supplies the Google OIDC preset — a fixed discovery URL, default scopes, optional hosted-domain restriction, login-button branding — while all OIDC protocol lives in sso-core and all admin logic in admin-sso. Installing it pulls admin-sso and sso-core automatically.

Installation

composer require magedevgroup/module-admin-sso-google
bin/magento module:enable MageDevGroup_SsoCore MageDevGroup_AdminSso MageDevGroup_AdminSsoGoogle
bin/magento setup:upgrade

Create the Google OAuth 2.0 client

In the Google Cloud ConsoleAPIs & Services → Credentials:

  1. Create credentials → OAuth client ID, application type Web application.
  2. Authorized redirect URI — the admin-sso callback: https://<admin-host>/<admin-path>/adminsso/sso/callback (<admin-path> is the backend frontName, default admin). It must match the admin URL used at runtime exactly.
  3. Create, then copy the Client ID and Client secret.

No discovery/tenant configuration is needed — Google exposes a single, tenant-independent OIDC discovery document (https://accounts.google.com/.well-known/openid-configuration).

Configuration

Admin → Stores → Configuration → MageDevGroup → Admin SSO.

General (magedevgroup_admin_sso/general/*):

Field Value
Enable Admin SSO Yes
Identity Provider Google Workspace
Client ID from the Google OAuth client
Client Secret from the Google OAuth client

Google Workspace (magedevgroup_admin_sso/google/*, shown when Google is selected):

Field Value
Allowed Workspace Domain optional; restrict sign-in to one Workspace domain, e.g. example.com

When Allowed Workspace Domain is set, sign-in is enforced against Google's hd (hosted-domain) claim: accounts outside the domain — including personal Google accounts, which carry no hd — are rejected on callback. Leave it empty to allow any Google account.

Enforce-SSO/break-glass are configured in admin-sso; see that module's README.

No groups in the Google token — role mapping limitation

Google Workspace does not include group membership in the OIDC ID token. There is no groups claim over standard OIDC, so admin-sso's group → ACL-role mapping cannot resolve from a Google login: a provisioned admin falls back to the default role configured in admin-sso. The practical Google control is who may sign in (the Allowed Workspace Domain above), not what role they get.

Fetching group memberships would require the Google Admin SDK Directory API (a service account with domain-wide delegation) — out of scope for v1.

Requirements

  • Magento 2.4.x
  • PHP 8.3 – 8.5

Part of the MageDevGroup identity suite

Repo Role
sso-core Shared OIDC engine (installed automatically)
admin-sso · admin-sso-<idp> Admin-panel SSO login
customer-sso · customer-sso-<idp> Storefront SSO login
admin-scim · admin-scim-<idp> Admin-user provisioning (SCIM 2.0)

License

OSL-3.0 © MageDevGroup. Commercial licensing and support: https://magedevgroup.com.

统计信息

  • 总下载量: 0
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 2
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 1
  • 开发语言: PHP

其他信息

  • 授权协议: OSL-3.0
  • 更新时间: 2026-07-10

承接程序开发

PHP开发

VUE

Vue开发

前端开发

小程序开发

公众号开发

系统定制

数据库设计

云部署

网站建设

安全加固