Àpèjúwe

With this plugin you can use your own WordPress install to authenticate with a webservice that provides OpenID Connect to implement Single-Sign On (SSO) for your users.

The plugin is currently only configured using constants and hooks as follows:

Define the RSA keys

If you donÌtumọ̀ Yorùbá: ’t have keys that you want to use yet, generate them using these commands:

openssl genrsa -out oidc.key 4096
openssl rsa -in oidc.key -pubout -out public.key

And make them available to the plugin as follows (this needs to be added before WordPress loads):

define( 'OIDC_PUBLIC_KEY', <<<OIDC_PUBLIC_KEY
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
OIDC_PUBLIC_KEY
);

define( 'OIDC_PRIVATE_KEY', <<<OIDC_PRIVATE_KEY
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
OIDC_PRIVATE_KEY
);

Alternatively, you can also put them outside the webroot and load them from the files like this:

define( 'OIDC_PUBLIC_KEY', file_get_contents( '/web-inaccessible/oidc.key' ) );
define( 'OIDC_PRIVATE_KEY', file_get_contents( '/web-inaccessible/private.key' ) );

Define the clients

Define your clients by adding a filter to oidc_registered_clients in a separate plugin file or functions.php of your theme or in a MU-plugin like:

add_filter( 'oidc_registered_clients', 'my_oidc_clients' );
function my_oidc_clients() {
    return array(
        'client_id_random_string' => array(
            'name' => 'The name of the Client',
            'secret' => 'a secret string',
            'redirect_uri' => 'https://example.com/redirect.uri',
            'grant_types' => array( 'authorization_code' ),
            'scope' => 'openid profile',
        ),
    );
}

Exclude URL from caching

example.com/wp-json/openid-connect/userinfo: We implement caching exclusion measures for this endpoint by setting Cache-Control: 'no-cache' headers and defining the DONOTCACHEPAGE constant. If you have a unique caching configuration, please ensure that you manually exclude this URL from caching.

Github Repo

You can report any issues you encounter directly on Github repo: Automattic/wp-openid-connect-server

Àwọn àgbéyẹ̀wò

Kò sí àwọn àgbéyẹ̀wò fún plugin yìí.

Àwọn Olùkópa & Olùgbéejáde

“OpenID Connect Server” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe ìkópa sí plugin yìí.

A ti túmọ̀ “OpenID Connect Server” sí àwọn èdè agbègbè 4. Ọpẹ́lọpẹ́ fún àwọn atúmọ̀ èdè fún àwọn ìkópa wọn.

Túmọ̀ “OpenID Connect Server” sí èdè rẹ.

Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè?

Ṣàwárí koodu, ṣàyẹ̀wò ibi ìpamọ́ SVN, tàbí ṣe àgbékalẹ̀ sí àkọsílẹ̀ ìdàgbàsókè nípasẹ̀ RSS.

Àkọsílẹ̀ àwọn àyípadà

2.0.0

[Breaking] Add a configuration option to support clients that donÌtumọ̀ Yorùbá: ’t require consent #118 props @lart2150
Make client_id and client_secret optional for the token endpoint #116 props @lart2150
Update expected args specs for token endpoint as per OIDC spec #117

1.3.4

Add the autoloader to the uninstall script #111 props @MariaMozgunova

1.3.3

Fix failing login when Authorize form is non-English [#108]
Improvements in site health tests for key detection [#104][#105]

1.3.2

Prevent userinfo endpoint from being cached [#99]

1.3.0

Return display_name as the name property [#87]
Change text domain to openid-connect-server, instead of wp-openid-connect-server [#88]

1.2.1

No user facing changes

1.2.0

Add oidc_user_claims filter [#82]