126 lines
5.9 KiB
Markdown
126 lines
5.9 KiB
Markdown
|
# OpenID Connect Generic Client #
|
||
|
**Contributors:** [daggerhart](https://profiles.wordpress.org/daggerhart/), [tnolte](https://profiles.wordpress.org/tnolte/)
|
||
|
**Donate link:** http://www.daggerhart.com/
|
||
|
**Tags:** security, login, oauth2, openidconnect, apps, authentication, autologin, sso
|
||
|
**Requires at least:** 5.0
|
||
|
**Tested up to:** 6.4.3
|
||
|
**Stable tag:** 3.10.0
|
||
|
**Requires PHP:** 7.4
|
||
|
**License:** GPLv2 or later
|
||
|
**License URI:** http://www.gnu.org/licenses/gpl-2.0.html
|
||
|
|
||
|
A simple client that provides SSO or opt-in authentication against a generic OAuth2 Server implementation.
|
||
|
|
||
|
## Description ##
|
||
|
|
||
|
This plugin allows to authenticate users against OpenID Connect OAuth2 API with Authorization Code Flow.
|
||
|
Once installed, it can be configured to automatically authenticate users (SSO), or provide a "Login with OpenID Connect"
|
||
|
button on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while
|
||
|
new users are created in WordPress database.
|
||
|
|
||
|
Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.
|
||
|
|
||
|
Please submit issues to the Github repo: https://github.com/daggerhart/openid-connect-generic
|
||
|
|
||
|
## Installation ##
|
||
|
|
||
|
1. Upload to the `/wp-content/plugins/` directory
|
||
|
1. Activate the plugin
|
||
|
1. Visit Settings > OpenID Connect and configure to meet your needs
|
||
|
|
||
|
## Frequently Asked Questions ##
|
||
|
|
||
|
### What is the client's Redirect URI? ###
|
||
|
|
||
|
Most OAuth2 servers will require whitelisting a set of redirect URIs for security purposes. The Redirect URI provided
|
||
|
by this client is like so: https://example.com/wp-admin/admin-ajax.php?action=openid-connect-authorize
|
||
|
|
||
|
Replace `example.com` with your domain name and path to WordPress.
|
||
|
|
||
|
### Can I change the client's Redirect URI? ###
|
||
|
|
||
|
Some OAuth2 servers do not allow for a client redirect URI to contain a query string. The default URI provided by
|
||
|
this module leverages WordPress's `admin-ajax.php` endpoint as an easy way to provide a route that does not include
|
||
|
HTML, but this will naturally involve a query string. Fortunately, this plugin provides a setting that will make use of
|
||
|
an alternate redirect URI that does not include a query string.
|
||
|
|
||
|
On the settings page for this plugin (Dashboard > Settings > OpenID Connect Generic) there is a checkbox for
|
||
|
**Alternate Redirect URI**. When checked, the plugin will use the Redirect URI
|
||
|
`https://example.com/openid-connect-authorize`.
|
||
|
|
||
|
|
||
|
## Changelog ##
|
||
|
|
||
|
### 3.10.0 ###
|
||
|
|
||
|
* Chore: @timnolte - Dependency updates.
|
||
|
* Fix: @drzraf - Prevents running the auth url filter twice.
|
||
|
* Fix: @timnolte - Updates the log cleanup handling to properly retain the configured number of log entries.
|
||
|
* Fix: @timnolte - Updates the log display output to reflect the log retention policy.
|
||
|
* Chore: @timnolte - Adds Unit Testing & New Local Development Environment.
|
||
|
* Feature: @timnolte - Updates logging to allow for tracking processing time.
|
||
|
* Feature: @menno-ll - Adds a remember me feature via a new filter.
|
||
|
* Improvement: @menno-ll - Updates WP Cookie Expiration to Same as Session Length.
|
||
|
|
||
|
### 3.9.1 ###
|
||
|
|
||
|
* Improvement: @timnolte - Refactors Composer setup and GitHub Actions.
|
||
|
* Improvement: @timnolte - Bumps WordPress tested version compatibility.
|
||
|
|
||
|
### 3.9.0 ###
|
||
|
|
||
|
* Feature: @matchaxnb - Added support for additional configuration constants.
|
||
|
* Feature: @schanzen - Added support for agregated claims.
|
||
|
* Fix: @rkcreation - Fixed access token not updating user metadata after login.
|
||
|
* Fix: @danc1248 - Fixed user creation issue on Multisite Networks.
|
||
|
* Feature: @RobjS - Added plugin singleton to support for more developer customization.
|
||
|
* Feature: @jkouris - Added action hook to allow custom handling of session expiration.
|
||
|
* Fix: @tommcc - Fixed admin CSS loading only on the plugin settings screen.
|
||
|
* Feature: @rkcreation - Added method to refresh the user claim.
|
||
|
* Feature: @Glowsome - Added acr_values support & verification checks that it when defined in options is honored.
|
||
|
* Fix: @timnolte - Fixed regression which caused improper fallback on missing claims.
|
||
|
* Fix: @slykar - Fixed missing query string handling in redirect URL.
|
||
|
* Fix: @timnolte - Fixed issue with some user linking and user creation handling.
|
||
|
* Improvement: @timnolte - Fixed plugin settings typos and screen formatting.
|
||
|
* Security: @timnolte - Updated build tooling security vulnerabilities.
|
||
|
* Improvement: @timnolte - Changed build tooling scripts.
|
||
|
|
||
|
### 3.8.5 ###
|
||
|
|
||
|
* Fix: @timnolte - Fixed missing URL request validation before use & ensure proper current page URL is setup for Redirect Back.
|
||
|
* Fix: @timnolte - Fixed Redirect URL Logic to Handle Sub-directory Installs.
|
||
|
* Fix: @timnolte - Fixed issue with redirecting user back when the openid_connect_generic_auth_url shortcode is used.
|
||
|
|
||
|
### 3.8.4 ###
|
||
|
|
||
|
* Fix: @timnolte - Fixed invalid State object access for redirection handling.
|
||
|
* Improvement: @timnolte - Fixed local wp-env Docker development environment.
|
||
|
* Improvement: @timnolte - Fixed Composer scripts for linting and static analysis.
|
||
|
|
||
|
### 3.8.3 ###
|
||
|
|
||
|
* Fix: @timnolte - Fixed problems with proper redirect handling.
|
||
|
* Improvement: @timnolte - Changes redirect handling to use State instead of cookies.
|
||
|
* Improvement: @timnolte - Refactored additional code to meet coding standards.
|
||
|
|
||
|
### 3.8.2 ###
|
||
|
|
||
|
* Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen.
|
||
|
|
||
|
### 3.8.1 ###
|
||
|
|
||
|
* Fix: @timnolte - Prevent SSO redirect on password protected posts.
|
||
|
* Fix: @timnolte - CI/CD build issues.
|
||
|
* Fix: @timnolte - Invalid redirect handling on logout for Auto Login setting.
|
||
|
|
||
|
### 3.8.0 ###
|
||
|
|
||
|
* Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
|
||
|
* Improvement: @timnolte - Plugin development & contribution updates.
|
||
|
* Improvement: @timnolte - Refactored to meet WordPress coding standards.
|
||
|
* Improvement: @timnolte - Refactored to provide localization.
|
||
|
|
||
|
--------
|
||
|
|
||
|
[See the previous changelogs here](https://github.com/oidc-wp/openid-connect-generic/blob/main/CHANGELOG.md#changelog)
|