Integrations
Recipes for the most common stacks: WordPress, Perfex, Laravel, plus 3rd-party SSO, reseller-mode, and a market comparison.
Integrations
This section is the practical hub: where you’d come if you’ve already decided to use WolfieAuth and now want to wire it up to something specific. Three first-class plugin/package recipes (WordPress, Perfex, Laravel) live on this page. Three sibling pages cover broader integration patterns:
- 3rd-party app SSO → — Portainer, Grafana, Argo CD, Proxmox, Gitea, Nextcloud, oauth2-proxy. Anything that speaks OIDC or generic OAuth2 plugs in by registering one OidcClient and pasting four URLs.
- Reseller mode → — when your downstream app needs to host its own sub-tenants. Three-level fee policy, custom domains per reseller, branding cascade, cascade-suspend, SDK helpers.
- WolfieAuth vs the IAM market → — honest comparison against Auth0, Okta, WorkOS, Stytch, FrontEgg, AWS IAM Identity Center and better-auth on B2B-of-B2B / hierarchy / passwordless / billing primitives.
All three plugin recipes below start the same way: register your app at the WolfieAuth admin panel, grab client_id + client_secret, then drop in the matching plugin/package.
WordPress
Install
Download the wolfieauth-client plugin from downloads.wolfieguard.com, upload via Plugins → Add New → Upload, activate. Or use WP-CLI:
wp plugin install https://downloads.wolfieguard.com/wolfieauth-client.zip --activate
Configure
Settings → WolfieAuth:
Issuer: https://auth.wolfieguard.com
Client ID: <yourorg>-<yoursite>
Client Secret: <from-admin-panel>
Scopes: openid profile email org
Auto-link by email: ON
The plugin auto-registers the OIDC callback at /wp-admin/admin-ajax.php?action=wolfieauth_callback. Set this URL as the Redirect URI in the WolfieAuth panel.
Login button
Add to header.php or via shortcode [wolfieauth_login]:
<a href="<?php echo esc_url( admin_url('admin-ajax.php?action=wolfieauth_start') ); ?>">
🐺 Sign in with WolfieAuth
</a>
Reading WolfieAuth roles in WP
When a user signs in, the plugin maps claims.wolfieauth_role_slug to a WP role per wolfieauth_role_map filter. Default mapping:
| WolfieAuth slug | WP role |
|---|---|
super-admin / admin | administrator |
editor | editor |
auditor / viewer | subscriber |
Override via filter:
add_filter('wolfieauth_role_map', function ($map) {
$map['billing-admin'] = 'shop_manager'; // map to WooCommerce role
return $map;
});
Per-app plan gating
Read entitlements from the user meta the plugin caches at login:
$plans = get_user_meta($user_id, 'wolfieauth_plans', true);
if (in_array('ksef_enabled', $plans['features'] ?? [])) {
// user has KSeF on their active plan
}
Perfex CRM
Install
Drop the wolfieauth_client module into application/modules/ and activate via Setup → Modules. Or install via the WolfieRepo Perfex extension if you have it.
Configure
Setup → WolfieAuth:
Issuer: https://auth.wolfieguard.com
Client ID: <yourorg>-<yourperfex>
Client Secret: <from-admin-panel>
Auto-create staff: ON
Auto-create contacts: ON
Redirect URI to register in WolfieAuth: https://yourperfex.com/wolfieauth_client/callback
Login flow
The module replaces the Perfex login page with a “Sign in with WolfieAuth” button. Direct login still works for Perfex-only users (those without a linked WolfieAuth account).
For staff with linked accounts, role mapping happens automatically:
| WolfieAuth slug | Perfex |
|---|---|
admin / super-admin | is_admin = 1 |
editor / member | regular staff |
customer / viewer | contact (with a placeholder client if needed) |
Linking existing Perfex users
When a Perfex staff user with email [email protected] first signs in via WolfieAuth and there’s already a Perfex staff row matching that email, the module auto-links the two by email instead of creating a duplicate. Toggle auto_link_by_email off if you want strict pairing.
Manual provisioning from WolfieAuth admin
For ops users who want to create a new Perfex staff member from the WolfieAuth side: go to /admin/clients/<your-perfex-app-id>#users → + Dodaj usera. Fill email, name, role, click “Utwórz”. The Perfex side gets created via REST API and a LinkedAccount row links it.
Laravel
Install
composer require wolfieauth/laravel
php artisan vendor:publish --tag=wolfieauth-config
php artisan vendor:publish --tag=wolfieauth-migrations
php artisan migrate
Configure
.env:
WOLFIEAUTH_ISSUER=https://auth.wolfieguard.com
WOLFIEAUTH_CLIENT_ID=youorgslug-myapp
WOLFIEAUTH_CLIENT_SECRET=<from-admin-panel>
WOLFIEAUTH_REDIRECT_URI="${APP_URL}/auth/wolfieauth/callback"
Register https://your-app.com/auth/wolfieauth/callback as the Redirect URI in the WolfieAuth panel.
Use
Routes auto-register:
GET /auth/wolfieauth/login→ redirect to WolfieAuthGET /auth/wolfieauth/callback→ handle code, log user inGET /auth/wolfieauth/logout→ Laravel + WolfieAuth logout
<a href="{{ route('wolfieauth.login') }}">🐺 Sign in with WolfieAuth</a>
In your controllers / middleware / policies — behaves exactly like standard Laravel auth (Auth::check(), Auth::user()).
Events
// EventServiceProvider
protected $listen = [
\WolfieAuth\Laravel\Events\WolfieAuthUserCreated::class => [
\App\Listeners\SendWelcomeEmail::class,
],
\WolfieAuth\Laravel\Events\WolfieAuthLoggedIn::class => [
\App\Listeners\TrackLoginActivity::class,
],
];
Both events carry $user (your User model) and the raw $claims array from /userinfo.
Reading claims
$raw = Socialite::driver('wolfieauth')->user()->getRaw();
// $raw['sub'], $raw['email'], $raw['role'],
// $raw['wolfieauth_org_id'], $raw['wolfieauth_plans'], …
Other stacks
For Express / Django / Rails / Symfony / CakePHP / Go — see the SDKs page for a similar setup. The pattern is the same: install the SDK, configure env vars, register the redirect URI, drop a “Sign in” button.
For arbitrary 3rd-party apps that you didn’t build (Portainer, Grafana, Argo CD, Proxmox, Gitea, Nextcloud, anything OIDC-compatible), see 3rd-party app SSO — concrete settings tables and troubleshooting recipes.
Continue reading
- 3rd-party app SSO — wire up Portainer, Grafana, Argo CD, Proxmox, Gitea, Nextcloud
- Reseller mode — multi-tier B2B-of-B2B for downstream apps
- WolfieAuth vs the IAM market — Auth0, Okta, WorkOS, Stytch, FrontEgg, AWS IAM, better-auth
- SSO & Sessions — what happens between login click and dashboard render
- Plans & Billing — start charging
Last updated: