.. include:: ../../Includes.txt .. _admin-extensionConfiguration: ======================= Extension Configuration ======================= All configuration is made in the "Extension Configuration" section of the "Settings" module beneath the "Admin Tools". .. figure:: ../../Images/extension-configuration.png :alt: Extension Configuration :class: with-shadow The extension configuration can be found in the admin tools. .. _admin-extensionConfiguration-properties: Properties ========== .. container:: ts-properties ======================================= ==================================== ================== Property Tab Type ======================================= ==================================== ================== enableBackendLogin_ Backend boolean backendConnection_ Backend positive integer reactivateDisabledBackendUsers_ Backend boolean reactivateDeletedBackendUsers_ Backend boolean softLogout_ Backend boolean additionalAuthorizeParameters_ Backend string disableSudoModeBypass_ Backend boolean mergeUsersByEmailAndUsername_ Backend boolean genericCallback_ Token boolean privateKeyFile_ Token string publicKeyFile_ Token string userIdentifier_ Token string ======================================= ==================================== ================== .. ### BEGIN~OF~TABLE ### .. _admin-extensionConfiguration-properties-securedDirs: enableBackendLogin ------------------ .. container:: table-row Property enableBackendLogin Data type boolean Default :code:`false` Description Enable Auth0 login for TYPO3 backend. .. _admin-extensionConfiguration-properties-backendConnection: backendConnection ----------------- .. container:: table-row Property backendConnection Data type positive integer Default :code:`1` Description Application identifier for backend login. .. _admin-extensionConfiguration-properties-reactivateDisabledBackendUsers: reactivateDisabledBackendUsers ------------------------------ .. container:: table-row Property reactivateDisabledBackendUsers Data type boolean Default :code:`false` Description Allow log in for disabled backend users. .. _admin-extensionConfiguration-properties-reactivateDeletedBackendUsers: reactivateDeletedBackendUsers ----------------------------- .. container:: table-row Property reactivateDeletedBackendUsers Data type boolean Default :code:`false` Description Allow log in for deleted backend users. .. _admin-extensionConfiguration-properties-softLogout: softLogout ------------------ .. container:: table-row Property softLogout Data type boolean Default :code:`false` Description Log off from TYPO3 only (not from Auth0). .. _admin-extensionConfiguration-properties-additionalAuthorizeParameters: additionalAuthorizeParameters ----------------------------- .. container:: table-row Property additionalAuthorizeParameters Data type string Default unset Description Additional query parameters for backend authentication (e.g. `access_type=offline&connection=google-oauth2`). .. _admin-extensionConfiguration-properties-disableSudoModeBypass: disableSudoModeBypass --------------------- .. container:: table-row Property disableSudoModeBypass Data type boolean Default :code:`false` Description Controls whether Auth0-authenticated users with a valid session can bypass TYPO3's sudo mode password confirmation dialog when accessing Admin Tools modules. When disabled (default), Auth0 users with a valid session will not be prompted for password confirmation when accessing protected Admin Tools modules, providing a smoother user experience for externally authenticated users. When enabled, the standard TYPO3 sudo mode behavior is enforced, requiring password confirmation regardless of Auth0 session status. .. note:: This setting only applies to TYPO3 13.4.13 and higher (including TYPO3 14), where sudo mode bypassing is available. .. _admin-extensionConfiguration-properties-mergeUsersByEmailAndUsername: mergeUsersByEmailAndUsername ---------------------------- .. container:: table-row Property mergeUsersByEmailAndUsername Data type boolean Default :code:`false` Description When enabled and no backend user with a matching ``auth0_user_id`` is found, the extension attempts to locate an existing user by email address and username. If a match is found, the stored ``auth0_user_id`` is updated to the new value so subsequent logins use the standard lookup path. This is useful when a user switches their **login method within Auth0** — for example from a Google social connection to an email/password account. Even within the same Auth0 tenant, each connection type produces a different ``sub`` claim (e.g. ``google-oauth2|…`` vs. ``auth0|…``). Without this option, TYPO3 would create a second backend user record, severing the original user's edit history and permissions. The username is resolved via the YAML property mapping (``databaseField: username``). If no such mapping is configured, Auth0's ``nickname`` claim is used as a fallback. .. note:: Disable this option again once all affected users have logged in at least once, to avoid unintended account merges. The option has no effect if either the email or the username cannot be determined from the Auth0 token. .. _admin-extensionConfiguration-properties-privateKeyFile: privateKeyFile -------------- .. container:: table-row Property privateKeyFile Data type string Default unset Description The absolute path to your private key file on your server. If set, this key will be used for signing the generated tokens. Otherwise, TYPO3's encryption key will be used. Only RSA keys are supported for now. .. _admin-extensionConfiguration-properties-publicKeyFile: publicKeyFile ------------- .. container:: table-row Property publicKeyFile Data type string Default unset Description The absolute path to your public key file on your server. .. _admin-extensionConfiguration-properties-userIdentifier: userIdentifier ------------- .. container:: table-row Property userIdentifier Data type string Default :code:`sub` Description The property of the ID token containing the unique user ID.