Introduction

What does it do?

This extension adds a new service that authenticates FE-Users directly if the IP address of their client matches the IP address configured in the FE-User record.

Screenshot

Here you see the new TCA field IP address in the fe_users record.

New IP address field in fe_users record

Installation

Composer

If your TYPO3 installation runs in composer mode, please execute the following commands:

composer req jweiland/jwauth
vendor/bin/typo3 extension:setup --extension=jwauth

If you work with DDEV, please execute these commands:

ddev composer req jweiland/jwauth
ddev exec vendor/bin/typo3 extension:setup --extension=jwauth

ExtensionManager

On non-composer-based TYPO3 installations you can still install jwauth via the ExtensionManager:

  1. Login

    Log in to the backend of your TYPO3 installation as an administrator or system maintainer.

  2. Open ExtensionManager

    Click on Extensions from the left menu to open the ExtensionManager.

  3. Update Extensions

    Choose Get Extensions from the upper select box and click on the Update now button at the upper right.

  4. Install jwauth

    Use the search field to find jwauth. Choose the jwauth line from the search result and click on the cloud icon to install jwauth.

Next step

Configure jwauth.

Configuration

The extension jwauth adds a new text field called "IP Address" to FE-User records. We haven't created a special tab for this column, so you will find it on the last tab of the fe_users record.

We prefer that you enter the full IP address, but, if needed, you can also enter just parts of your IP address. jwauth also supports the use of IPv6 addresses.
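
An added example, not part of the jwauth documentation or code: a small audit script that reports how many client addresses each "IP Address" entry would authenticate automatically. It assumes the field values have been exported as (username, value) pairs and that partial entries use the wildcard (`192.168.*.*`) or CIDR forms accepted by GeneralUtility::cmpIP(), possibly comma-separated; the function names and sample rows are constructed for illustration.

```python
import ipaddress

def covered_addresses(pattern: str) -> int:
    """Number of client addresses one pattern entry would match."""
    pattern = pattern.strip()
    if "*" in pattern:  # IPv4 wildcard form, e.g. 192.168.*.*
        octets = pattern.split(".")
        if len(octets) != 4:
            raise ValueError(f"unsupported wildcard pattern: {pattern!r}")
        count = 1
        for octet in octets:
            if octet == "*":
                count *= 256
            elif not (octet.isdigit() and 0 <= int(octet) <= 255):
                raise ValueError(f"bad octet in {pattern!r}")
        return count
    # Full address or CIDR network, IPv4 or IPv6
    return ipaddress.ip_network(pattern, strict=False).num_addresses

def audit(records, max_addresses=1):
    """Return (username, pattern, size) for every entry wider than max_addresses.
    Entries that cannot be parsed get size None so they are reviewed by hand."""
    findings = []
    for username, field in records:
        for pattern in filter(None, (p.strip() for p in field.split(","))):
            try:
                size = covered_addresses(pattern)
            except ValueError:
                findings.append((username, pattern, None))
                continue
            if size > max_addresses:
                findings.append((username, pattern, size))
    return findings

# Constructed sample rows (username, IP address field); not real data
SAMPLE = [
    ("office-kiosk", "203.0.113.17"),
    ("branch-lan", "198.51.100.*"),
    ("intranet", "10.20.0.0/16, 2001:db8:1::/64"),
    ("legacy", "192.168"),
]

if __name__ == "__main__":
    for user, pattern, size in audit(SAMPLE):
        print(user, pattern, "needs manual review" if size is None else f"{size} addresses")
```

Every reported entry is a range of clients that would be logged in as that FE-User without a password, so each one should be a deliberate choice.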

Developer Corner

Structure

All classes are based on namespaces, so you can't use this extension on TYPO3 versions below 6.0.

We register this service with a priority of 70 and a quality of 70. With these values we rank higher than the services of felogin and saltedpasswords. So, if the IP address does not match, the other services get a chance to log the user in.

Example: User A will be logged in to the frontend automatically if his IP address matches a fe_user record with the same IP address. When User A is online at home, the IP address will not match, but User A can still log in via felogin or similar authentication methods.

Security

If a user logs in via jwauth, his user session will be deleted after EACH request! So with each request, the user will be logged in again and again. This is for security reasons. Without this behavior, you as an administrator could deactivate jwauth in the extension manager, but these users could still browse your website. In our opinion an administrator must always have the opportunity to deactivate such a feature directly.

Browsing with jwauth activated may slow down your website by a few milliseconds. That's because users whose IP address matches have to go through the complete user authentication with each request.

FAQ

Is this extension IPv6 compatible?

Yes, it is. It uses the cmpIP() method of GeneralUtility, which can validate IPv4 and IPv6 addresses.

What about "Logout"?

Ah yeah. That's funny. Users with matched IP addresses are authenticated with EACH request. You can't log out. So, if you press "Logout", the page reloads, we have a new request and you're logged in again.
