+ | + + + + |
---|---|
+
+
+
+
+
+
+
+
+
+
+ user_login : '0' ); ?>
+
+
+
+
+
+
+
+
+
+ |
+ + |
)
+ */
+ $fields = array(
+ 'login_type' => array(
+ 'title' => __( 'Login Type', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Select how the client (login form) should provide login options.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'select',
+ 'options' => array(
+ 'button' => __( 'OpenID Connect button on login form', 'daggerhart-openid-connect-generic' ),
+ 'auto' => __( 'Auto Login - SSO', 'daggerhart-openid-connect-generic' ),
+ ),
+ 'disabled' => defined( 'OIDC_LOGIN_TYPE' ),
+ 'section' => 'client_settings',
+ ),
+ 'client_id' => array(
+ 'title' => __( 'Client ID', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'The ID this client will be recognized as when connecting the to Identity provider server.', 'daggerhart-openid-connect-generic' ),
+ 'example' => 'my-wordpress-client-id',
+ 'type' => 'text',
+ 'disabled' => defined( 'OIDC_CLIENT_ID' ),
+ 'section' => 'client_settings',
+ ),
+ 'client_secret' => array(
+ 'title' => __( 'Client Secret Key', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Arbitrary secret key the server expects from this client. Can be anything, but should be very unique.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'text',
+ 'disabled' => defined( 'OIDC_CLIENT_SECRET' ),
+ 'section' => 'client_settings',
+ ),
+ 'scope' => array(
+ 'title' => __( 'OpenID Scope', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Space separated list of scopes this client should access.', 'daggerhart-openid-connect-generic' ),
+ 'example' => 'email profile openid offline_access',
+ 'type' => 'text',
+ 'disabled' => defined( 'OIDC_CLIENT_SCOPE' ),
+ 'section' => 'client_settings',
+ ),
+ 'endpoint_login' => array(
+ 'title' => __( 'Login Endpoint URL', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Identify provider authorization endpoint.', 'daggerhart-openid-connect-generic' ),
+ 'example' => 'https://example.com/oauth2/authorize',
+ 'type' => 'text',
+ 'disabled' => defined( 'OIDC_ENDPOINT_LOGIN_URL' ),
+ 'section' => 'client_settings',
+ ),
+ 'endpoint_userinfo' => array(
+ 'title' => __( 'Userinfo Endpoint URL', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Identify provider User information endpoint.', 'daggerhart-openid-connect-generic' ),
+ 'example' => 'https://example.com/oauth2/UserInfo',
+ 'type' => 'text',
+ 'disabled' => defined( 'OIDC_ENDPOINT_USERINFO_URL' ),
+ 'section' => 'client_settings',
+ ),
+ 'endpoint_token' => array(
+ 'title' => __( 'Token Validation Endpoint URL', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Identify provider token endpoint.', 'daggerhart-openid-connect-generic' ),
+ 'example' => 'https://example.com/oauth2/token',
+ 'type' => 'text',
+ 'disabled' => defined( 'OIDC_ENDPOINT_TOKEN_URL' ),
+ 'section' => 'client_settings',
+ ),
+ 'endpoint_end_session' => array(
+ 'title' => __( 'End Session Endpoint URL', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Identify provider logout endpoint.', 'daggerhart-openid-connect-generic' ),
+ 'example' => 'https://example.com/oauth2/logout',
+ 'type' => 'text',
+ 'disabled' => defined( 'OIDC_ENDPOINT_LOGOUT_URL' ),
+ 'section' => 'client_settings',
+ ),
+ 'acr_values' => array(
+ 'title' => __( 'ACR values', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Use a specific defined authentication contract from the IDP - optional.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'text',
+ 'disabled' => defined( 'OIDC_ACR_VALUES' ),
+ 'section' => 'client_settings',
+ ),
+ 'identity_key' => array(
+ 'title' => __( 'Identity Key', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Where in the user claim array to find the user\'s identification data. Possible standard values: preferred_username, name, or sub. If you\'re having trouble, use "sub".', 'daggerhart-openid-connect-generic' ),
+ 'example' => 'preferred_username',
+ 'type' => 'text',
+ 'section' => 'client_settings',
+ ),
+ 'no_sslverify' => array(
+ 'title' => __( 'Disable SSL Verify', 'daggerhart-openid-connect-generic' ),
+ // translators: %1$s HTML tags for layout/styles, %2$s closing HTML tag for styles.
+ 'description' => sprintf( __( 'Do not require SSL verification during authorization. The OAuth extension uses curl to make the request. By default CURL will generally verify the SSL certificate to see if its valid an issued by an accepted CA. This setting disabled that verification.%1$sNot recommended for production sites.%2$s', 'daggerhart-openid-connect-generic' ), '
', '' ),
+ 'type' => 'checkbox',
+ 'section' => 'client_settings',
+ ),
+ 'http_request_timeout' => array(
+ 'title' => __( 'HTTP Request Timeout', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Set the timeout for requests made to the IDP. Default value is 5.', 'daggerhart-openid-connect-generic' ),
+ 'example' => 30,
+ 'type' => 'text',
+ 'section' => 'client_settings',
+ ),
+ 'enforce_privacy' => array(
+ 'title' => __( 'Enforce Privacy', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Require users be logged in to see the site.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'checkbox',
+ 'disabled' => defined( 'OIDC_ENFORCE_PRIVACY' ),
+ 'section' => 'authorization_settings',
+ ),
+ 'alternate_redirect_uri' => array(
+ 'title' => __( 'Alternate Redirect URI', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Provide an alternative redirect route. Useful if your server is causing issues with the default admin-ajax method. You must flush rewrite rules after changing this setting. This can be done by saving the Permalinks settings page.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'checkbox',
+ 'section' => 'authorization_settings',
+ ),
+ 'nickname_key' => array(
+ 'title' => __( 'Nickname Key', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Where in the user claim array to find the user\'s nickname. Possible standard values: preferred_username, name, or sub.', 'daggerhart-openid-connect-generic' ),
+ 'example' => 'preferred_username',
+ 'type' => 'text',
+ 'section' => 'client_settings',
+ ),
+ 'email_format' => array(
+ 'title' => __( 'Email Formatting', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'String from which the user\'s email address is built. Specify "{email}" as long as the user claim contains an email claim.', 'daggerhart-openid-connect-generic' ),
+ 'example' => '{email}',
+ 'type' => 'text',
+ 'section' => 'client_settings',
+ ),
+ 'displayname_format' => array(
+ 'title' => __( 'Display Name Formatting', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'String from which the user\'s display name is built.', 'daggerhart-openid-connect-generic' ),
+ 'example' => '{given_name} {family_name}',
+ 'type' => 'text',
+ 'section' => 'client_settings',
+ ),
+ 'identify_with_username' => array(
+ 'title' => __( 'Identify with User Name', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'If checked, the user\'s identity will be determined by the user name instead of the email address.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'checkbox',
+ 'section' => 'client_settings',
+ ),
+ 'state_time_limit' => array(
+ 'title' => __( 'State time limit', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'State valid time in seconds. Defaults to 180', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'number',
+ 'section' => 'client_settings',
+ ),
+ 'token_refresh_enable' => array(
+ 'title' => __( 'Enable Refresh Token', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'If checked, support refresh tokens used to obtain access tokens from supported IDPs.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'checkbox',
+ 'section' => 'client_settings',
+ ),
+ 'link_existing_users' => array(
+ 'title' => __( 'Link Existing Users', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'If a WordPress account already exists with the same identity as a newly-authenticated user over OpenID Connect, login as that user instead of generating an error.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'checkbox',
+ 'disabled' => defined( 'OIDC_LINK_EXISTING_USERS' ),
+ 'section' => 'user_settings',
+ ),
+ 'create_if_does_not_exist' => array(
+ 'title' => __( 'Create user if does not exist', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'If the user identity is not linked to an existing WordPress user, it is created. If this setting is not enabled, and if the user authenticates with an account which is not linked to an existing WordPress user, then the authentication will fail.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'checkbox',
+ 'disabled' => defined( 'OIDC_CREATE_IF_DOES_NOT_EXIST' ),
+ 'section' => 'user_settings',
+ ),
+ 'redirect_user_back' => array(
+ 'title' => __( 'Redirect Back to Origin Page', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'After a successful OpenID Connect authentication, this will redirect the user back to the page on which they clicked the OpenID Connect login button. This will cause the login process to proceed in a traditional WordPress fashion. For example, users logging in through the default wp-login.php page would end up on the WordPress Dashboard and users logging in through the WooCommerce "My Account" page would end up on their account page.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'checkbox',
+ 'disabled' => defined( 'OIDC_REDIRECT_USER_BACK' ),
+ 'section' => 'user_settings',
+ ),
+ 'redirect_on_logout' => array(
+ 'title' => __( 'Redirect to the login screen when session is expired', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'When enabled, this will automatically redirect the user back to the WordPress login page if their access token has expired.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'checkbox',
+ 'disabled' => defined( 'OIDC_REDIRECT_ON_LOGOUT' ),
+ 'section' => 'user_settings',
+ ),
+ 'enable_logging' => array(
+ 'title' => __( 'Enable Logging', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Very simple log messages for debugging purposes.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'checkbox',
+ 'disabled' => defined( 'OIDC_ENABLE_LOGGING' ),
+ 'section' => 'log_settings',
+ ),
+ 'log_limit' => array(
+ 'title' => __( 'Log Limit', 'daggerhart-openid-connect-generic' ),
+ 'description' => __( 'Number of items to keep in the log. These logs are stored as an option in the database, so space is limited.', 'daggerhart-openid-connect-generic' ),
+ 'type' => 'number',
+ 'disabled' => defined( 'OIDC_LOG_LIMIT' ),
+ 'section' => 'log_settings',
+ ),
+ );
+
+ return apply_filters( 'openid-connect-generic-settings-fields', $fields );
+ }
+
+ /**
+ * Sanitization callback for settings/option page.
+ *
+ * @param array $input The submitted settings values.
+ *
+ * @return array
+ */
+ public function sanitize_settings( $input ) {
+ $options = array();
+
+ // Loop through settings fields to control what we're saving.
+ foreach ( $this->settings_fields as $key => $field ) {
+ if ( isset( $input[ $key ] ) ) {
+ $options[ $key ] = sanitize_text_field( trim( $input[ $key ] ) );
+ } else {
+ $options[ $key ] = '';
+ }
+ }
+
+ return $options;
+ }
+
+ /**
+ * Output the options/settings page.
+ *
+ * @return void
+ */
+ public function settings_page() {
+ wp_enqueue_style( 'daggerhart-openid-connect-generic-admin', plugin_dir_url( __DIR__ ) . 'css/styles-admin.css', array(), OpenID_Connect_Generic::VERSION, 'all' );
+
+ $redirect_uri = admin_url( 'admin-ajax.php?action=openid-connect-authorize' );
+
+ if ( $this->settings->alternate_redirect_uri ) {
+ $redirect_uri = site_url( '/openid-connect-authorize' );
+ }
+ ?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+ [openid_connect_generic_login_button]
+
+
+
+ [openid_connect_generic_auth_url]
+
+
+ settings->enable_logging ) { ?>
+
+
+ logger->get_logs_table() ); ?>
+
+
+
+
+
+
+ value="settings->{ $field['key'] } ); ?>">
+ do_field_description( $field );
+ }
+
+ /**
+ * Output a checkbox for a boolean setting.
+ * - hidden field is default value so we don't have to check isset() on save.
+ *
+ * @param array $field The settings field definition array.
+ *
+ * @return void
+ */
+ public function do_checkbox( $field ) {
+ $hidden_value = 0;
+ if ( ! empty( $field['disabled'] ) && boolval( $field['disabled'] ) === true ) {
+ $hidden_value = intval( $this->settings->{ $field['key'] } );
+ }
+ ?>
+
+
+ value="1"
+ settings->{ $field['key'] }, 1 ); ?>>
+ do_field_description( $field );
+ }
+
+ /**
+ * Output a select control.
+ *
+ * @param array $field The settings field definition array.
+ *
+ * @return void
+ */
+ public function do_select( $field ) {
+ $current_value = isset( $this->settings->{ $field['key'] } ) ? $this->settings->{ $field['key'] } : '';
+ ?>
+
+ do_field_description( $field );
+ }
+
+ /**
+ * Output the field description, and example if present.
+ *
+ * @param array $field The settings field definition array.
+ *
+ * @return void
+ */
+ public function do_field_description( $field ) {
+ ?>
+
+
+
+
:
+
+
+
+ \n"
+"Language-Team: LANGUAGE \n"
+"Language: en\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Poedit-Country: United States\n"
+"X-Poedit-SourceCharset: UTF-8\n"
+"X-Poedit-KeywordsList: "
+"__;_e;_x:1,2c;_ex:1,2c;_n:1,2;_nx:1,2,4c;_n_noop:1,2;_nx_noop:1,2,3c;esc_"
+"attr__;esc_html__;esc_attr_e;esc_html_e;esc_attr_x:1,2c;esc_html_x:1,2c;\n"
+"X-Poedit-Basepath: ../\n"
+"X-Poedit-SearchPath-0: .\n"
+"X-Poedit-Bookmarks: \n"
+"X-Textdomain-Support: yes\n"
+"X-Generator: grunt-wp-i18n 1.0.3\n"
+
+#: includes/openid-connect-generic-client-wrapper.php:293
+msgid "Session expired. Please login again."
+msgstr ""
+
+#: includes/openid-connect-generic-client-wrapper.php:540
+msgid "User identity is not linked to an existing WordPress user."
+msgstr ""
+
+#: includes/openid-connect-generic-client-wrapper.php:598
+msgid "Invalid user."
+msgstr ""
+
+#: includes/openid-connect-generic-client-wrapper.php:816
+msgid "No appropriate username found."
+msgstr ""
+
+#: includes/openid-connect-generic-client-wrapper.php:826
+#. translators: %1$s is the santitized version of the username from the IDP.
+msgid "Username %1$s could not be sanitized."
+msgstr ""
+
+#: includes/openid-connect-generic-client-wrapper.php:848
+#. translators: %1$s is the configured User Claim nickname key.
+msgid "No nickname found in user claim using key: %1$s."
+msgstr ""
+
+#: includes/openid-connect-generic-client-wrapper.php:945
+msgid "User claim incomplete."
+msgstr ""
+
+#: includes/openid-connect-generic-client-wrapper.php:1048
+msgid "Bad user claim result."
+msgstr ""
+
+#: includes/openid-connect-generic-client-wrapper.php:1114
+msgid "Can not authorize."
+msgstr ""
+
+#: includes/openid-connect-generic-client-wrapper.php:1143
+msgid "Failed user creation."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:176
+msgid "Missing state."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:180
+msgid "Invalid state."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:195
+msgid "Missing authentication code."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:240
+msgid "Request for authentication token failed."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:273
+msgid "Refresh token failed."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:288
+msgid "Missing token body."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:296
+msgid "Invalid token."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:349
+msgid "Request for userinfo failed."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:409
+msgid "Missing authentication state."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:446
+msgid "No identity token."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:453
+msgid "Missing identity token."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:480
+msgid "Bad ID token claim."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:485
+msgid "No subject identity."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:491
+msgid "No matching acr values."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:511
+msgid "Bad user claim."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:531
+msgid "Invalid user claim."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:536
+msgid "Error from the IDP."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:545
+msgid "Incorrect user claim."
+msgstr ""
+
+#: includes/openid-connect-generic-client.php:552
+msgid "Unauthorized access."
+msgstr ""
+
+#: includes/openid-connect-generic-login-form.php:122
+#. translators: %1$s is the error code from the IDP.
+msgid "ERROR (%1$s)"
+msgstr ""
+
+#: includes/openid-connect-generic-login-form.php:141
+msgid "Login with OpenID Connect"
+msgstr ""
+
+#: includes/openid-connect-generic-option-logger.php:228
+msgid "Details"
+msgstr ""
+
+#: includes/openid-connect-generic-option-logger.php:229
+msgid "Data"
+msgstr ""
+
+#: includes/openid-connect-generic-option-logger.php:236
+msgid "Date"
+msgstr ""
+
+#: includes/openid-connect-generic-option-logger.php:240
+msgid "Type"
+msgstr ""
+
+#: includes/openid-connect-generic-option-logger.php:244
+msgid "User"
+msgstr ""
+
+#: includes/openid-connect-generic-option-logger.php:248
+msgid "URI "
+msgstr ""
+
+#: includes/openid-connect-generic-option-logger.php:252
+msgid "Response Time (sec)"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:108
+msgid "OpenID Connect - Generic Client"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:109
+msgid "OpenID Connect Client"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:133
+msgid "Client Settings"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:140
+msgid "WordPress User Settings"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:147
+msgid "Authorization Settings"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:154
+msgid "Log Settings"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:212
+msgid "Login Type"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:213
+msgid "Select how the client (login form) should provide login options."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:216
+msgid "OpenID Connect button on login form"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:217
+msgid "Auto Login - SSO"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:223
+msgid "Client ID"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:224
+msgid ""
+"The ID this client will be recognized as when connecting the to Identity "
+"provider server."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:231
+msgid "Client Secret Key"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:232
+msgid ""
+"Arbitrary secret key the server expects from this client. Can be anything, "
+"but should be very unique."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:238
+msgid "OpenID Scope"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:239
+msgid "Space separated list of scopes this client should access."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:246
+msgid "Login Endpoint URL"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:247
+msgid "Identify provider authorization endpoint."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:254
+msgid "Userinfo Endpoint URL"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:255
+msgid "Identify provider User information endpoint."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:262
+msgid "Token Validation Endpoint URL"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:263
+msgid "Identify provider token endpoint."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:270
+msgid "End Session Endpoint URL"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:271
+msgid "Identify provider logout endpoint."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:278
+msgid "ACR values"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:279
+msgid "Use a specific defined authentication contract from the IDP - optional."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:285
+msgid "Identity Key"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:286
+msgid ""
+"Where in the user claim array to find the user's identification data. "
+"Possible standard values: preferred_username, name, or sub. If you're "
+"having trouble, use \"sub\"."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:292
+msgid "Disable SSL Verify"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:294
+#. translators: %1$s HTML tags for layout/styles, %2$s closing HTML tag for
+#. styles.
+msgid ""
+"Do not require SSL verification during authorization. The OAuth extension "
+"uses curl to make the request. By default CURL will generally verify the "
+"SSL certificate to see if its valid an issued by an accepted CA. This "
+"setting disabled that verification.%1$sNot recommended for production "
+"sites.%2$s"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:299
+msgid "HTTP Request Timeout"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:300
+msgid "Set the timeout for requests made to the IDP. Default value is 5."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:306
+msgid "Enforce Privacy"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:307
+msgid "Require users be logged in to see the site."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:313
+msgid "Alternate Redirect URI"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:314
+msgid ""
+"Provide an alternative redirect route. Useful if your server is causing "
+"issues with the default admin-ajax method. You must flush rewrite rules "
+"after changing this setting. This can be done by saving the Permalinks "
+"settings page."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:319
+msgid "Nickname Key"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:320
+msgid ""
+"Where in the user claim array to find the user's nickname. Possible "
+"standard values: preferred_username, name, or sub."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:326
+msgid "Email Formatting"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:327
+msgid ""
+"String from which the user's email address is built. Specify \"{email}\" as "
+"long as the user claim contains an email claim."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:333
+msgid "Display Name Formatting"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:334
+msgid "String from which the user's display name is built."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:340
+msgid "Identify with User Name"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:341
+msgid ""
+"If checked, the user's identity will be determined by the user name instead "
+"of the email address."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:346
+msgid "State time limit"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:347
+msgid "State valid time in seconds. Defaults to 180"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:352
+msgid "Enable Refresh Token"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:353
+msgid ""
+"If checked, support refresh tokens used to obtain access tokens from "
+"supported IDPs."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:358
+msgid "Link Existing Users"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:359
+msgid ""
+"If a WordPress account already exists with the same identity as a "
+"newly-authenticated user over OpenID Connect, login as that user instead of "
+"generating an error."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:365
+msgid "Create user if does not exist"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:366
+msgid ""
+"If the user identity is not linked to an existing WordPress user, it is "
+"created. If this setting is not enabled, and if the user authenticates with "
+"an account which is not linked to an existing WordPress user, then the "
+"authentication will fail."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:372
+msgid "Redirect Back to Origin Page"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:373
+msgid ""
+"After a successful OpenID Connect authentication, this will redirect the "
+"user back to the page on which they clicked the OpenID Connect login "
+"button. This will cause the login process to proceed in a traditional "
+"WordPress fashion. For example, users logging in through the default "
+"wp-login.php page would end up on the WordPress Dashboard and users logging "
+"in through the WooCommerce \"My Account\" page would end up on their "
+"account page."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:379
+msgid "Redirect to the login screen when session is expired"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:380
+msgid ""
+"When enabled, this will automatically redirect the user back to the "
+"WordPress login page if their access token has expired."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:386
+msgid "Enable Logging"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:387
+msgid "Very simple log messages for debugging purposes."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:393
+msgid "Log Limit"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:394
+msgid ""
+"Number of items to keep in the log. These logs are stored as an option in "
+"the database, so space is limited."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:456
+msgid "Notes"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:459
+msgid "Redirect URI"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:463
+msgid "Login Button Shortcode"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:467
+msgid "Authentication URL Shortcode"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:472
+msgid "Logs"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:561
+msgid "Example"
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:574
+msgid "Enter your OpenID Connect identity provider settings."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:583
+msgid "Modify the interaction between OpenID Connect and WordPress users."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:592
+msgid "Control the authorization mechanics of the site."
+msgstr ""
+
+#: includes/openid-connect-generic-settings-page.php:601
+msgid "Log information about login attempts through OpenID Connect Generic."
+msgstr ""
+
+#: openid-connect-generic.php:242
+msgid "Private site"
+msgstr ""
+
+#. Plugin Name of the plugin/theme
+msgid "OpenID Connect Generic"
+msgstr ""
+
+#. Plugin URI of the plugin/theme
+msgid "https://github.com/daggerhart/openid-connect-generic"
+msgstr ""
+
+#. Description of the plugin/theme
+msgid ""
+"Connect to an OpenID Connect identity provider using Authorization Code "
+"Flow."
+msgstr ""
+
+#. Author of the plugin/theme
+msgid "daggerhart"
+msgstr ""
+
+#. Author URI of the plugin/theme
+msgid "http://www.daggerhart.com"
+msgstr ""
\ No newline at end of file
diff --git a/wp-content/plugins/openid-connect-generic/openid-connect-generic.php b/wp-content/plugins/openid-connect-generic/openid-connect-generic.php
new file mode 100644
index 00000000..bcf67390
--- /dev/null
+++ b/wp-content/plugins/openid-connect-generic/openid-connect-generic.php
@@ -0,0 +1,434 @@
+
+ * @copyright 2015-2023 daggerhart
+ * @license http://www.gnu.org/licenses/gpl-2.0.txt GPL-2.0+
+ * @link https://github.com/daggerhart
+ *
+ * @wordpress-plugin
+ * Plugin Name: OpenID Connect Generic
+ * Plugin URI: https://github.com/daggerhart/openid-connect-generic
+ * Description: Connect to an OpenID Connect identity provider using Authorization Code Flow.
+ * Version: 3.10.0
+ * Requires at least: 5.0
+ * Requires PHP: 7.4
+ * Author: daggerhart
+ * Author URI: http://www.daggerhart.com
+ * Text Domain: daggerhart-openid-connect-generic
+ * Domain Path: /languages
+ * License: GPL-2.0+
+ * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
+ * GitHub Plugin URI: https://github.com/daggerhart/openid-connect-generic
+ */
+
+/*
+Notes
+ Spec Doc - http://openid.net/specs/openid-connect-basic-1_0-32.html
+
+ Filters
+ - openid-connect-generic-alter-request - 3 args: request array, plugin settings, specific request op
+ - openid-connect-generic-settings-fields - modify the fields provided on the settings page
+ - openid-connect-generic-login-button-text - modify the login button text
+ - openid-connect-generic-cookie-redirect-url - modify the redirect url stored as a cookie
+ - openid-connect-generic-user-login-test - (bool) should the user be logged in based on their claim
+ - openid-connect-generic-user-creation-test - (bool) should the user be created based on their claim
+ - openid-connect-generic-auth-url - modify the authentication url
+ - openid-connect-generic-alter-user-claim - modify the user_claim before a new user is created
+ - openid-connect-generic-alter-user-data - modify user data before a new user is created
+ - openid-connect-modify-token-response-before-validation - modify the token response before validation
+ - openid-connect-modify-id-token-claim-before-validation - modify the token claim before validation
+
+ Actions
+ - openid-connect-generic-user-create - 2 args: fires when a new user is created by this plugin
+ - openid-connect-generic-user-update - 1 arg: user ID, fires when user is updated by this plugin
+ - openid-connect-generic-update-user-using-current-claim - 2 args: fires every time an existing user logs in and the claims are updated.
+ - openid-connect-generic-redirect-user-back - 2 args: $redirect_url, $user. Allows interruption of redirect during login.
+ - openid-connect-generic-user-logged-in - 1 arg: $user, fires when user is logged in.
+ - openid-connect-generic-cron-daily - daily cron action
+ - openid-connect-generic-state-not-found - the given state does not exist in the database, regardless of its expiration.
+ - openid-connect-generic-state-expired - the given state exists, but expired before this login attempt.
+
+ Callable actions
+
+ User Meta
+ - openid-connect-generic-subject-identity - the identity of the user provided by the idp
+ - openid-connect-generic-last-id-token-claim - the user's most recent id_token claim, decoded
+ - openid-connect-generic-last-user-claim - the user's most recent user_claim
+ - openid-connect-generic-last-token-response - the user's most recent token response
+
+ Options
+ - openid_connect_generic_settings - plugin settings
+ - openid-connect-generic-valid-states - locally stored generated states
+*/
+
+
+/**
+ * OpenID_Connect_Generic class.
+ *
+ * Defines plugin initialization functionality.
+ *
+ * @package OpenID_Connect_Generic
+ * @category General
+ */
+class OpenID_Connect_Generic {
+
+ /**
+ * Singleton instance of self
+ *
+ * @var OpenID_Connect_Generic
+ */
+ protected static $_instance = null;
+
+ /**
+ * Plugin version.
+ *
+ * @var string
+ */
+ const VERSION = '3.10.0';
+
+ /**
+ * Plugin settings.
+ *
+ * @var OpenID_Connect_Generic_Option_Settings
+ */
+ private $settings;
+
+ /**
+ * Plugin logs.
+ *
+ * @var OpenID_Connect_Generic_Option_Logger
+ */
+ private $logger;
+
+ /**
+ * Openid Connect Generic client
+ *
+ * @var OpenID_Connect_Generic_Client
+ */
+ private $client;
+
+ /**
+ * Client wrapper.
+ *
+ * @var OpenID_Connect_Generic_Client_Wrapper
+ */
+ public $client_wrapper;
+
+ /**
+ * Setup the plugin
+ *
+ * @param OpenID_Connect_Generic_Option_Settings $settings The settings object.
+ * @param OpenID_Connect_Generic_Option_Logger $logger The loggin object.
+ *
+ * @return void
+ */
+ public function __construct( OpenID_Connect_Generic_Option_Settings $settings, OpenID_Connect_Generic_Option_Logger $logger ) {
+ $this->settings = $settings;
+ $this->logger = $logger;
+ self::$_instance = $this;
+ }
+
+ // @codeCoverageIgnoreStart
+
+ /**
+ * WordPress Hook 'init'.
+ *
+ * @return void
+ */
+ public function init() {
+
+ $this->client = new OpenID_Connect_Generic_Client(
+ $this->settings->client_id,
+ $this->settings->client_secret,
+ $this->settings->scope,
+ $this->settings->endpoint_login,
+ $this->settings->endpoint_userinfo,
+ $this->settings->endpoint_token,
+ $this->get_redirect_uri( $this->settings ),
+ $this->settings->acr_values,
+ $this->get_state_time_limit( $this->settings ),
+ $this->logger
+ );
+
+ $this->client_wrapper = OpenID_Connect_Generic_Client_Wrapper::register( $this->client, $this->settings, $this->logger );
+ if ( defined( 'WP_CLI' ) && WP_CLI ) {
+ return;
+ }
+
+ OpenID_Connect_Generic_Login_Form::register( $this->settings, $this->client_wrapper );
+
+ // Add a shortcode to get the auth URL.
+ add_shortcode( 'openid_connect_generic_auth_url', array( $this->client_wrapper, 'get_authentication_url' ) );
+
+ // Add actions to our scheduled cron jobs.
+ add_action( 'openid-connect-generic-cron-daily', array( $this, 'cron_states_garbage_collection' ) );
+
+ $this->upgrade();
+
+ if ( is_admin() ) {
+ OpenID_Connect_Generic_Settings_Page::register( $this->settings, $this->logger );
+ }
+ }
+
+ /**
+ * Get the default redirect URI.
+ *
+ * @param OpenID_Connect_Generic_Option_Settings $settings The settings object.
+ *
+ * @return string
+ */
+ public function get_redirect_uri( OpenID_Connect_Generic_Option_Settings $settings ) {
+ $redirect_uri = admin_url( 'admin-ajax.php?action=openid-connect-authorize' );
+
+ if ( $settings->alternate_redirect_uri ) {
+ $redirect_uri = site_url( '/openid-connect-authorize' );
+ }
+
+ return $redirect_uri;
+ }
+
+ /**
+ * Get the default state time limit.
+ *
+ * @param OpenID_Connect_Generic_Option_Settings $settings The settings object.
+ *
+ * @return int
+ */
+ public function get_state_time_limit( OpenID_Connect_Generic_Option_Settings $settings ) {
+ $state_time_limit = 180;
+ // State time limit cannot be zero.
+ if ( $settings->state_time_limit ) {
+ $state_time_limit = intval( $settings->state_time_limit );
+ }
+
+ return $state_time_limit;
+ }
+
+ /**
+ * Check if privacy enforcement is enabled, and redirect users that aren't
+ * logged in.
+ *
+ * @return void
+ */
+ public function enforce_privacy_redirect() {
+ if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
+ // The client endpoint relies on the wp-admin ajax endpoint.
+ if (
+ ! defined( 'DOING_AJAX' ) ||
+ ! boolval( constant( 'DOING_AJAX' ) ) ||
+ ! isset( $_GET['action'] ) ||
+ 'openid-connect-authorize' != $_GET['action'] ) {
+ auth_redirect();
+ }
+ }
+ }
+
+ /**
+ * Enforce privacy settings for rss feeds.
+ *
+ * @param string $content The content.
+ *
+ * @return mixed
+ */
+ public function enforce_privacy_feeds( $content ) {
+ if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
+ $content = __( 'Private site', 'daggerhart-openid-connect-generic' );
+ }
+ return $content;
+ }
+
+ /**
+ * Handle plugin upgrades
+ *
+ * @return void
+ */
+ public function upgrade() {
+ $last_version = get_option( 'openid-connect-generic-plugin-version', 0 );
+ $settings = $this->settings;
+
+ if ( version_compare( self::VERSION, $last_version, '>' ) ) {
+ // An upgrade is required.
+ self::setup_cron_jobs();
+
+ // @todo move this to another file for upgrade scripts
+ if ( isset( $settings->ep_login ) ) {
+ $settings->endpoint_login = $settings->ep_login;
+ $settings->endpoint_token = $settings->ep_token;
+ $settings->endpoint_userinfo = $settings->ep_userinfo;
+
+ unset( $settings->ep_login, $settings->ep_token, $settings->ep_userinfo );
+ $settings->save();
+ }
+
+ // Update the stored version number.
+ update_option( 'openid-connect-generic-plugin-version', self::VERSION );
+ }
+ }
+
+ /**
+ * Expire state transients by attempting to access them and allowing the
+ * transient's own mechanisms to delete any that have expired.
+ *
+ * @return void
+ */
+ public function cron_states_garbage_collection() {
+ global $wpdb;
+ $states = $wpdb->get_col( "SELECT `option_name` FROM {$wpdb->options} WHERE `option_name` LIKE '_transient_openid-connect-generic-state--%'" );
+
+ if ( ! empty( $states ) ) {
+ foreach ( $states as $state ) {
+ $transient = str_replace( '_transient_', '', $state );
+ get_transient( $transient );
+ }
+ }
+ }
+
+ /**
+ * Ensure cron jobs are added to the schedule.
+ *
+ * @return void
+ */
+ public static function setup_cron_jobs() {
+ if ( ! wp_next_scheduled( 'openid-connect-generic-cron-daily' ) ) {
+ wp_schedule_event( time(), 'daily', 'openid-connect-generic-cron-daily' );
+ }
+ }
+
+ /**
+ * Activation hook.
+ *
+ * @return void
+ */
+ public static function activation() {
+ self::setup_cron_jobs();
+ }
+
+ /**
+ * Deactivation hook.
+ *
+ * @return void
+ */
+ public static function deactivation() {
+ wp_clear_scheduled_hook( 'openid-connect-generic-cron-daily' );
+ }
+
+ /**
+ * Simple autoloader.
+ *
+ * @param string $class The class name.
+ *
+ * @return void
+ */
+ public static function autoload( $class ) {
+ $prefix = 'OpenID_Connect_Generic_';
+
+ if ( stripos( $class, $prefix ) !== 0 ) {
+ return;
+ }
+
+ $filename = $class . '.php';
+
+ // Internal files are all lowercase and use dashes in filenames.
+ if ( false === strpos( $filename, '\\' ) ) {
+ $filename = strtolower( str_replace( '_', '-', $filename ) );
+ } else {
+ $filename = str_replace( '\\', DIRECTORY_SEPARATOR, $filename );
+ }
+
+ $filepath = __DIR__ . '/includes/' . $filename;
+
+ if ( file_exists( $filepath ) ) {
+ require_once $filepath;
+ }
+ }
+
+ /**
+ * Instantiate the plugin and hook into WordPress.
+ *
+ * @return void
+ */
+ public static function bootstrap() {
+ /**
+ * This is a documented valid call for spl_autoload_register.
+ *
+ * @link https://www.php.net/manual/en/function.spl-autoload-register.php#71155
+ */
+ spl_autoload_register( array( 'OpenID_Connect_Generic', 'autoload' ) );
+
+ $settings = new OpenID_Connect_Generic_Option_Settings(
+ // Default settings values.
+ array(
+ // OAuth client settings.
+ 'login_type' => defined( 'OIDC_LOGIN_TYPE' ) ? OIDC_LOGIN_TYPE : 'button',
+ 'client_id' => defined( 'OIDC_CLIENT_ID' ) ? OIDC_CLIENT_ID : '',
+ 'client_secret' => defined( 'OIDC_CLIENT_SECRET' ) ? OIDC_CLIENT_SECRET : '',
+ 'scope' => defined( 'OIDC_CLIENT_SCOPE' ) ? OIDC_CLIENT_SCOPE : '',
+ 'endpoint_login' => defined( 'OIDC_ENDPOINT_LOGIN_URL' ) ? OIDC_ENDPOINT_LOGIN_URL : '',
+ 'endpoint_userinfo' => defined( 'OIDC_ENDPOINT_USERINFO_URL' ) ? OIDC_ENDPOINT_USERINFO_URL : '',
+ 'endpoint_token' => defined( 'OIDC_ENDPOINT_TOKEN_URL' ) ? OIDC_ENDPOINT_TOKEN_URL : '',
+ 'endpoint_end_session' => defined( 'OIDC_ENDPOINT_LOGOUT_URL' ) ? OIDC_ENDPOINT_LOGOUT_URL : '',
+ 'acr_values' => defined( 'OIDC_ACR_VALUES' ) ? OIDC_ACR_VALUES : '',
+
+ // Non-standard settings.
+ 'no_sslverify' => 0,
+ 'http_request_timeout' => 5,
+ 'identity_key' => 'preferred_username',
+ 'nickname_key' => 'preferred_username',
+ 'email_format' => '{email}',
+ 'displayname_format' => '',
+ 'identify_with_username' => false,
+ 'state_time_limit' => 180,
+
+ // Plugin settings.
+ 'enforce_privacy' => defined( 'OIDC_ENFORCE_PRIVACY' ) ? intval( OIDC_ENFORCE_PRIVACY ) : 0,
+ 'alternate_redirect_uri' => 0,
+ 'token_refresh_enable' => 1,
+ 'link_existing_users' => defined( 'OIDC_LINK_EXISTING_USERS' ) ? intval( OIDC_LINK_EXISTING_USERS ) : 0,
+ 'create_if_does_not_exist' => defined( 'OIDC_CREATE_IF_DOES_NOT_EXIST' ) ? intval( OIDC_CREATE_IF_DOES_NOT_EXIST ) : 1,
+ 'redirect_user_back' => defined( 'OIDC_REDIRECT_USER_BACK' ) ? intval( OIDC_REDIRECT_USER_BACK ) : 0,
+ 'redirect_on_logout' => defined( 'OIDC_REDIRECT_ON_LOGOUT' ) ? intval( OIDC_REDIRECT_ON_LOGOUT ) : 1,
+ 'enable_logging' => defined( 'OIDC_ENABLE_LOGGING' ) ? intval( OIDC_ENABLE_LOGGING ) : 0,
+ 'log_limit' => defined( 'OIDC_LOG_LIMIT' ) ? intval( OIDC_LOG_LIMIT ) : 1000,
+ )
+ );
+
+ $logger = new OpenID_Connect_Generic_Option_Logger( 'error', $settings->enable_logging, $settings->log_limit );
+
+ $plugin = new self( $settings, $logger );
+
+ add_action( 'init', array( $plugin, 'init' ) );
+
+ // Privacy hooks.
+ add_action( 'template_redirect', array( $plugin, 'enforce_privacy_redirect' ), 0 );
+ add_filter( 'the_content_feed', array( $plugin, 'enforce_privacy_feeds' ), 999 );
+ add_filter( 'the_excerpt_rss', array( $plugin, 'enforce_privacy_feeds' ), 999 );
+ add_filter( 'comment_text_rss', array( $plugin, 'enforce_privacy_feeds' ), 999 );
+ }
+
+ /**
+ * Create (if needed) and return a singleton of self.
+ *
+ * @return OpenID_Connect_Generic
+ */
+ public static function instance() {
+ if ( null === self::$_instance ) {
+ self::bootstrap();
+ }
+ return self::$_instance;
+ }
+}
+
+OpenID_Connect_Generic::instance();
+
+register_activation_hook( __FILE__, array( 'OpenID_Connect_Generic', 'activation' ) );
+register_deactivation_hook( __FILE__, array( 'OpenID_Connect_Generic', 'deactivation' ) );
+
+// Provide publicly accessible plugin helper functions.
+require_once 'includes/functions.php';
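Review bot: The `enforce_privacy` setting does not cover the REST API as far as this file shows. The only hooks registered under `// Privacy hooks.` in `bootstrap()` are `template_redirect` and the three feed filters. WordPress answers `/wp-json/` requests before `template_redirect` fires, so on a site marked private a logged-out client can still read published posts and other public REST data. Unless another file in the plugin or the site already restricts REST access, I would add a `rest_authentication_errors` filter that returns a `WP_Error` with status 401 for logged-out requests and passes through any result an earlier authentication handler has already set. The new method and its registration are sketched below.

```php
	// … unchanged: enforce_privacy_redirect() and enforce_privacy_feeds() …

	/**
	 * Enforce privacy settings for REST API requests.
	 *
	 * @param WP_Error|null|true $result Result from earlier authentication handlers.
	 *
	 * @return WP_Error|null|true
	 */
	public function enforce_privacy_rest( $result ) {
		// Keep a decision another authentication handler has already made.
		if ( true === $result || is_wp_error( $result ) ) {
			return $result;
		}

		if ( $this->settings->enforce_privacy && ! is_user_logged_in() ) {
			return new WP_Error(
				'rest_not_logged_in',
				__( 'Private site', 'daggerhart-openid-connect-generic' ),
				array( 'status' => 401 )
			);
		}

		return $result;
	}

	// … unchanged: upgrade() through the settings defaults and logger setup in bootstrap() …

		// Privacy hooks.
		add_action( 'template_redirect', array( $plugin, 'enforce_privacy_redirect' ), 0 );
		add_filter( 'rest_authentication_errors', array( $plugin, 'enforce_privacy_rest' ) );
		// … unchanged: the three feed filters …
```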
diff --git a/wp-content/plugins/openid-connect-generic/readme.txt b/wp-content/plugins/openid-connect-generic/readme.txt
new file mode 100644
index 00000000..f1941df6
--- /dev/null
+++ b/wp-content/plugins/openid-connect-generic/readme.txt
@@ -0,0 +1,125 @@
+=== OpenID Connect Generic Client ===
+Contributors: daggerhart, tnolte
+Donate link: http://www.daggerhart.com/
+Tags: security, login, oauth2, openidconnect, apps, authentication, autologin, sso
+Requires at least: 5.0
+Tested up to: 6.4.3
+Stable tag: 3.10.0
+Requires PHP: 7.4
+License: GPLv2 or later
+License URI: http://www.gnu.org/licenses/gpl-2.0.html
+
+A simple client that provides SSO or opt-in authentication against a generic OAuth2 Server implementation.
+
+== Description ==
+
+This plugin allows to authenticate users against OpenID Connect OAuth2 API with Authorization Code Flow.
+Once installed, it can be configured to automatically authenticate users (SSO), or provide a "Login with OpenID Connect"
+button on the login form. After consent has been obtained, an existing user is automatically logged into WordPress, while
+new users are created in WordPress database.
+
+Much of the documentation can be found on the Settings > OpenID Connect Generic dashboard page.
+
+Please submit issues to the Github repo: https://github.com/daggerhart/openid-connect-generic
+
+== Installation ==
+
+1. Upload to the `/wp-content/plugins/` directory
+1. Activate the plugin
+1. Visit Settings > OpenID Connect and configure to meet your needs
+
+== Frequently Asked Questions ==
+
+= What is the client's Redirect URI? =
+
+Most OAuth2 servers will require whitelisting a set of redirect URIs for security purposes. The Redirect URI provided
+by this client is like so: https://example.com/wp-admin/admin-ajax.php?action=openid-connect-authorize
+
+Replace `example.com` with your domain name and path to WordPress.
+
+= Can I change the client's Redirect URI? =
+
+Some OAuth2 servers do not allow for a client redirect URI to contain a query string. The default URI provided by
+this module leverages WordPress's `admin-ajax.php` endpoint as an easy way to provide a route that does not include
+HTML, but this will naturally involve a query string. Fortunately, this plugin provides a setting that will make use of
+an alternate redirect URI that does not include a query string.
+
+On the settings page for this plugin (Dashboard > Settings > OpenID Connect Generic) there is a checkbox for
+**Alternate Redirect URI**. When checked, the plugin will use the Redirect URI
+`https://example.com/openid-connect-authorize`.
+
+
+== Changelog ==
+
+= 3.10.0 =
+
+* Chore: @timnolte - Dependency updates.
+* Fix: @drzraf - Prevents running the auth url filter twice.
+* Fix: @timnolte - Updates the log cleanup handling to properly retain the configured number of log entries.
+* Fix: @timnolte - Updates the log display output to reflect the log retention policy.
+* Chore: @timnolte - Adds Unit Testing & New Local Development Environment.
+* Feature: @timnolte - Updates logging to allow for tracking processing time.
+* Feature: @menno-ll - Adds a remember me feature via a new filter.
+* Improvement: @menno-ll - Updates WP Cookie Expiration to Same as Session Length.
+
+= 3.9.1 =
+
+* Improvement: @timnolte - Refactors Composer setup and GitHub Actions.
+* Improvement: @timnolte - Bumps WordPress tested version compatibility.
+
+= 3.9.0 =
+
+* Feature: @matchaxnb - Added support for additional configuration constants.
+* Feature: @schanzen - Added support for agregated claims.
+* Fix: @rkcreation - Fixed access token not updating user metadata after login.
+* Fix: @danc1248 - Fixed user creation issue on Multisite Networks.
+* Feature: @RobjS - Added plugin singleton to support for more developer customization.
+* Feature: @jkouris - Added action hook to allow custom handling of session expiration.
+* Fix: @tommcc - Fixed admin CSS loading only on the plugin settings screen.
+* Feature: @rkcreation - Added method to refresh the user claim.
+* Feature: @Glowsome - Added acr_values support & verification checks that it when defined in options is honored.
+* Fix: @timnolte - Fixed regression which caused improper fallback on missing claims.
+* Fix: @slykar - Fixed missing query string handling in redirect URL.
+* Fix: @timnolte - Fixed issue with some user linking and user creation handling.
+* Improvement: @timnolte - Fixed plugin settings typos and screen formatting.
+* Security: @timnolte - Updated build tooling security vulnerabilities.
+* Improvement: @timnolte - Changed build tooling scripts.
+
+= 3.8.5 =
+
+* Fix: @timnolte - Fixed missing URL request validation before use & ensure proper current page URL is setup for Redirect Back.
+* Fix: @timnolte - Fixed Redirect URL Logic to Handle Sub-directory Installs.
+* Fix: @timnolte - Fixed issue with redirecting user back when the openid_connect_generic_auth_url shortcode is used.
+
+= 3.8.4 =
+
+* Fix: @timnolte - Fixed invalid State object access for redirection handling.
+* Improvement: @timnolte - Fixed local wp-env Docker development environment.
+* Improvement: @timnolte - Fixed Composer scripts for linting and static analysis.
+
+= 3.8.3 =
+
+* Fix: @timnolte - Fixed problems with proper redirect handling.
+* Improvement: @timnolte - Changes redirect handling to use State instead of cookies.
+* Improvement: @timnolte - Refactored additional code to meet coding standards.
+
+= 3.8.2 =
+
+* Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen.
+
+= 3.8.1 =
+
+* Fix: @timnolte - Prevent SSO redirect on password protected posts.
+* Fix: @timnolte - CI/CD build issues.
+* Fix: @timnolte - Invalid redirect handling on logout for Auto Login setting.
+
+= 3.8.0 =
+
+* Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
+* Improvement: @timnolte - Plugin development & contribution updates.
+* Improvement: @timnolte - Refactored to meet WordPress coding standards.
+* Improvement: @timnolte - Refactored to provide localization.
+
+--------
+
+[See the previous changelogs here](https://github.com/oidc-wp/openid-connect-generic/blob/main/CHANGELOG.md#changelog)
diff --git a/wp-content/plugins/openid-connect-generic/wp-cli.yml b/wp-content/plugins/openid-connect-generic/wp-cli.yml
new file mode 100644
index 00000000..3f430d6f
--- /dev/null
+++ b/wp-content/plugins/openid-connect-generic/wp-cli.yml
@@ -0,0 +1 @@
+path: /app/wp