{"id":164430,"date":"2022-10-31T09:14:55","date_gmt":"2022-10-31T09:14:55","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/openid-connect-server\/"},"modified":"2025-04-17T11:48:06","modified_gmt":"2025-04-17T11:48:06","slug":"openid-connect-server","status":"publish","type":"plugin","link":"https:\/\/twd.wordpress.org\/plugins\/openid-connect-server\/","author":5279457,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"2.0.0","stable_tag":"2.0.0","tested":"6.8.5","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"OpenID Connect Server","header_author":"WordPress.Org Community","header_description":"Use OpenID Connect to log in to other webservices using your own WordPress.","assets_banners_color":"","last_updated":"2025-04-17 11:48:06","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/Automattic\/wp-openid-connect-server","header_author_uri":"https:\/\/wordpress.org\/","rating":0,"author_block_rating":0,"active_installs":100,"downloads":8005,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","changelog"],"tags":{"1.0":{"tag":"1.0","author":"ashfame","date":"2022-11-01 20:27:50"},"1.1.0":{"tag":"1.1.0","author":"ashfame","date":"2022-11-02 15:24:07"},"1.1.1":{"tag":"1.1.1","author":"ashfame","date":"2023-04-05 07:34:48"},"1.2.1":{"tag":"1.2.1","author":"psrpinto","date":"2023-05-09 10:06:28"},"1.3.0":{"tag":"1.3.0","author":"psrpinto","date":"2023-05-30 15:11:02"},"1.3.1":{"tag":"1.3.1","author":"psrpinto","date":"2023-09-14 17:06:13"},"1.3.2":{"tag":"1.3.2","author":"psrpinto","date":"2023-09-22 16:06:54"},"1.3.3":{"tag":"1.3.3","author":"psrpinto","date":"2023-12-08 09:23:08"},"1.3.4":{"tag":"1.3.4","author":"psrpinto","date":"2024-06-26 09:19:52"},"2.0.0":{"tag":"2.0.0","author":"ashfame","date":"2025-04-17 11:48:06"}},"upgrade_notice":[],"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0","1.1.0","1.1.1","1.2.1","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","2.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2061,144098,162353,6694,43290],"plugin_category":[38],"plugin_contributors":[77497,79668,215111,77594],"plugin_business_model":[],"class_list":["post-164430","plugin","type-plugin","status-publish","hentry","plugin_tags-oauth","plugin_tags-oauth-server","plugin_tags-oidc","plugin_tags-openid","plugin_tags-openid-connect","plugin_category-authentication","plugin_contributors-akirk","plugin_contributors-ashfame","plugin_contributors-psrpinto","plugin_contributors-wordpressdotorg","plugin_committers-akirk","plugin_committers-ashfame","plugin_committers-automattic","plugin_committers-psrpinto"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/openid-connect-server.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"\n

With this plugin you can use your own WordPress install to authenticate with a webservice that provides OpenID Connect<\/a> to implement Single-Sign On (SSO) for your users.<\/p>\n\n

The plugin is currently only configured using constants and hooks as follows:<\/p>\n\n

Define the RSA keys<\/h3>\n\n

If you don't have keys that you want to use yet, generate them using these commands:<\/p>\n\n

openssl genrsa -out oidc.key 4096\nopenssl rsa -in oidc.key -pubout -out public.key\n<\/code><\/pre>\n\n
And make them available to the plugin as follows (this needs to be added before WordPress loads):<\/p>\n\n
define( 'OIDC_PUBLIC_KEY', <<<OIDC_PUBLIC_KEY\n-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\nOIDC_PUBLIC_KEY\n);\n\ndefine( 'OIDC_PRIVATE_KEY', <<<OIDC_PRIVATE_KEY\n-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\nOIDC_PRIVATE_KEY\n);\n<\/code><\/pre>\n\n
Alternatively, you can also put them outside the webroot and load them from the files like this:<\/p>\n\n
define( 'OIDC_PUBLIC_KEY', file_get_contents( '\/web-inaccessible\/oidc.key' ) );\ndefine( 'OIDC_PRIVATE_KEY', file_get_contents( '\/web-inaccessible\/private.key' ) );\n<\/code><\/pre>\n\n
Define the clients<\/h3>\n\n
Define your clients by adding a filter to oidc_registered_clients<\/code> in a separate plugin file or functions.php<\/code> of your theme or in a MU-plugin like:<\/p>\n\n
add_filter( 'oidc_registered_clients', 'my_oidc_clients' );\nfunction my_oidc_clients() {\n    return array(\n        'client_id_random_string' => array(\n            'name' => 'The name of the Client',\n            'secret' => 'a secret string',\n            'redirect_uri' => 'https:\/\/example.com\/redirect.uri',\n            'grant_types' => array( 'authorization_code' ),\n            'scope' => 'openid profile',\n        ),\n    );\n}\n<\/code><\/pre>\n\n
Exclude URL from caching<\/h3>\n\n