
geek-cookbook/wp-openid-connect-server

 
 

Use OpenID Connect to log in to other webservices using your own WordPress.

Description

With this plugin you can use your own WordPress install to authenticate with a webservice that provides OpenID Connect to implement Single-Sign On (SSO) for your users.

The plugin is currently only configured using constants and hooks as follows:

Define the RSA keys

If you don't have keys that you want to use yet, generate them using these commands:

openssl genrsa -out oidc.key 4096
openssl rsa -in oidc.key -pubout -out public.key

And make them available to the plugin as follows (this needs to be added before WordPress loads):

define( 'OIDC_PUBLIC_KEY', <<<OIDC_PUBLIC_KEY
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
OIDC_PUBLIC_KEY
);

define( 'OIDC_PRIVATE_KEY', <<<OIDC_PRIVATE_KEY
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
OIDC_PRIVATE_KEY
);

Alternatively, you can also put them outside the webroot and load them from the files like this:

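// File names match the openssl commands above: oidc.key is the private key, public.key the public key.
define( 'OIDC_PUBLIC_KEY', file_get_contents( '/web-inaccessible/public.key' ) );
define( 'OIDC_PRIVATE_KEY', file_get_contents( '/web-inaccessible/oidc.key' ) );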
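Because the public key is the half that gets handed to clients, swapping the two files or leaving the private key world-readable is the failure mode to guard against when loading keys from disk. The following is an added example, not code from the plugin: the helper name `oidc_load_keypair` is hypothetical, the paths reuse the placeholder directory above with the file names produced by the openssl commands, and the permission check assumes a POSIX filesystem.

```php
<?php
// Added example, not part of the plugin. oidc_load_keypair() is a hypothetical helper;
// the paths are placeholders. Place this before WordPress loads.
function oidc_load_keypair( string $private_path, string $public_path ): array {
	foreach ( array( $private_path, $public_path ) as $path ) {
		if ( ! is_readable( $path ) ) {
			throw new RuntimeException( "Cannot read key file: $path" );
		}
	}

	// The private key must not be accessible to other users on the host (POSIX mode bits).
	if ( ( fileperms( $private_path ) & 0007 ) !== 0 ) {
		throw new RuntimeException( "Private key is accessible to other users: $private_path" );
	}

	$private_pem = file_get_contents( $private_path );
	$public_pem  = file_get_contents( $public_path );

	// The file treated as public must never contain private key material.
	if ( strpos( $public_pem, 'PRIVATE KEY' ) !== false ) {
		throw new RuntimeException( "Public key file contains a private key: $public_path" );
	}

	$private = openssl_pkey_get_private( $private_pem );
	$public  = openssl_pkey_get_public( $public_pem );
	if ( false === $private || false === $public ) {
		throw new RuntimeException( 'A key file does not contain a valid PEM key.' );
	}

	// Derive the public half from the private key and compare it with the public file.
	$derived = openssl_pkey_get_details( $private );
	$given   = openssl_pkey_get_details( $public );
	if ( OPENSSL_KEYTYPE_RSA !== $derived['type'] || OPENSSL_KEYTYPE_RSA !== $given['type'] ) {
		throw new RuntimeException( 'Both keys must be RSA keys.' );
	}
	if ( $derived['key'] !== $given['key'] ) {
		throw new RuntimeException( 'Public key does not match the private key.' );
	}

	return array( $private_pem, $public_pem );
}

// Fail closed: an uncaught exception here stops the request before any key is defined.
list( $oidc_private, $oidc_public ) = oidc_load_keypair( '/web-inaccessible/oidc.key', '/web-inaccessible/public.key' );
define( 'OIDC_PRIVATE_KEY', $oidc_private );
define( 'OIDC_PUBLIC_KEY', $oidc_public );
```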

Define the clients

Define your clients by adding a filter to oidc_registered_clients in a separate plugin file or functions.php of your theme or in a MU-plugin like:

add_filter( 'oidc_registered_clients', 'my_oidc_clients' );
function my_oidc_clients() {
	return array(
		'client_id_random_string' => array(
			'name'         => 'The name of the Client',
			'secret'       => 'a secret string',
			'redirect_uri' => 'https://example.com/redirect.uri',
			'grant_types'  => array( 'authorization_code' ),
			'scope'        => 'openid profile',
		),
	);
}

Exclude URL from caching

  • example.com/wp-json/openid-connect/userinfo: We implement caching exclusion measures for this endpoint by setting Cache-Control: 'no-cache' headers and defining the DONOTCACHEPAGE constant. If you have a unique caching configuration, please ensure that you manually exclude this URL from caching.

GitHub Repo

You can report any issues you encounter directly on the GitHub repo: Automattic/wp-openid-connect-server

Changelog

2.0.0

  • [Breaking] Add a configuration option to support clients that don't require consent #118 props @lart2150
  • Make client_id and client_secret optional for the token endpoint #116 props @lart2150
  • Update expected args specs for token endpoint as per OIDC spec #117

1.3.4

  • Add the autoloader to the uninstall script #111 props @MariaMozgunova

1.3.3

  • Fix failing login when Authorize form is non-English [#108]
  • Improvements in site health tests for key detection [#104][#105]

1.3.2

  • Prevent userinfo endpoint from being cached [#99]

1.3.0

  • Return display_name as the name property [#87]
  • Change text domain to openid-connect-server, instead of wp-openid-connect-server [#88]

1.2.1

  • No user facing changes

1.2.0

  • Add oidc_user_claims filter [#82]
