Hello User Custom Plugin Tutorial

Basic

Custom plugins are mini web applications that integrate seamlessly with the Staffbase platform to provide tailored functionality. Administrators can add and publish them in the same way they manage standard Staffbase plugins. Learn more about plugins.

In this tutorial, you will:

Learn how to develop a minimal custom plugin to display personalized greetings using PHP.
Understand the core folder structure and configuration.
Master the basics to prepare for future complex use cases.

The image above conceptualizes how the Hello User plugin could look after it’s available to users on the Staffbase platform.

This tutorial is designed to help you gain hands-on experience with plugin development for the Staffbase platform. It walks you through developing the plugin locally. To use it on the Staffbase platform, you will need to complete the following, which are not covered in the tutorial:

Share the plugin specifications with Staffbase.
Host the plugin on a server that can run PHP files and is reachable over the internet.
Register and activate the plugin on the Staffbase platform. Contact Staffbase Support or your Customer Success Manager for more information.
Have your Staffbase administrator install and publish it. Learn more about making content available via a plugin.

You have a basic understanding of Staffbase plugins and are familiar with terminal/command line usage.
PHP is installed on your system.
You have a code editor. For example, Visual Studio Code.

Download composer

To start building the plugin, you need to use the plugin SDK for PHP. This SDK provides the basic functionality to parse and verify the PHP token. Staffbase provides the SDK via a composer.

Run the following commands in your terminal:

Create a folder for your project.

mkdir MyCustomPlugin
cd MyCustomPlugin

Download the composer installer to the current directory.
You should now see a file named composer.phar in your folder.

Install dependencies

Now you can use the composer to install the specific dependencies required for the plugin SDK.

Install the custom plugin dependencies using composer.

./composer.phar require staffbase/plugins-sdk-php

List the files installed.

ls -l

You should see:

composer.json
composer.lock
vendor

These are your dependency and package management files.

Open the folder in the code editor

Launch your project folder MyCustomPlugin, in your preferred code editor. It looks as shown in the screenshot:

Develop the plugin

Now that you have all the dependencies, you can create PHP files and a structure for plugin development.

Inside the vendor folder, you have the plugin SDK and all other dependencies it requires.

Create an index.php file inside the project folder. In the index.php file, provide a namespace for the plugin.

<?php

namespace MyCustomPlugin;

Import the library from the SDK to verify the SSO token. The SSO token here is a JSON Web Token that verifies whether the information is valid.

use Staffbase\plugins\sdk\SSOToken;

Authenticate the user with an app secret.

try {

    $appSecret = '{enter your secret here}';

The $appSecret is a public key that the plugin uses to verify the signature of any JWT received. For now, you can leave it blank. You receive the key from Staffbase when you register your plugin with Staffbase and need to provide it if you want to make the plugin available on the Studio Plugins page.

Use the SSOToken class to validate the incoming JWT token. This typically happens via a GET request when a user accesses your plugin:

$sso = new SSOToken($appSecret, $_GET['jwt'] ?? '');

Here’s what a sample request looks like:

https://my.plugin.com/index.php?jwt=MII3ksglkgfglfgnfdl

This step ensures that the user is authenticated and the token data is valid before rendering any content or executing plugin logic.

Use the exception library to add an exception rule for when the user accessing the plugin does not have the required permissions.

use Exception;

} catch (\Exception $e) {
    print "Access denied.";
    exit;
}

Use the following line of code to greet the authenticated user by name:

print “<html><body>Hello“. $sso->getFullName() . “! </body></html>“;

The method getFullName() retrieves the full name of the user from the decoded JWT. You can use other methods in the SSOToken class to enrich your use case and display other user details, such as to display department, email address, and so on.

You have developed a custom plugin to display a personalized greeting. The entire code snippet in the index.php file should look like this:

<?php

namespace MyCustomPlugin;

use Staffbase\plugins\sdk\SSOToken;

try {
    // todo: generate a scret in the backend and implement a plugin

    $appSecret = '{enter your secret here}';
    $sso = new SSOToken($appSecret, $_GET[`jwt`]?? "");

    // https://my.plugin.com/index.php?jwt={enter-the-jwt-token}

    // Display a personalized greeting

    print “<html><body>Hello“. $sso->getFullName() . “! </body></html>“;

} catch (\Exception $e) {
    print "Access denied. ";
    exit;
}

This example is the foundation for more advanced use cases such as:

Handling authenticated user data
Integrating APIs
Displaying dynamic content

Host your plugin on a server
Share specifications with Staffbase
Register and activate your plugin
Ask your Staffbase administrator to install and publish it

Open tasks with personalized greeting: Integrate with a third-party tool, such as Jira or Salesforce, and display open tasks.

Example: Hi John, you have 2 open tasks, 1 in progress task, and 2 tasks in review on your Jira board.
Department-specific dashboard: Display a personalized message based on the documents filtered by the user’s department.

Example: Hi Jane, here’s the marketing department’s Q3 performance report.

Brand alignment custom plugin tutorial

Prerequisites

Download composer

Install dependencies

Open the folder in the code editor

Develop the plugin

Recommended next steps for the Hello User plugin

Additional use cases

Next in this series