{"id":20701411,"url":"https://github.com/nicko170/wp-openid","last_synced_at":"2025-09-27T09:31:17.706Z","repository":{"id":147211736,"uuid":"618249671","full_name":"nicko170/wp-openid","owner":"nicko170","description":"A WordPress plugin to authenticate users via an OpenID Connect Provider.","archived":false,"fork":false,"pushed_at":"2023-03-27T23:22:38.000Z","size":569,"stargazers_count":1,"open_issues_count":1,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-11-17T00:44:08.031Z","etag":null,"topics":["authentication","openid","openid-connect","openid-connect-client","wordpress","wordpress-admin","wordpress-plugin"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nicko170.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["nicko170"]}},"created_at":"2023-03-24T03:58:33.000Z","updated_at":"2024-09-01T01:16:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"e16ed0bf-0a47-4a6c-ac01-30211df9e43c","html_url":"https://github.com/nicko170/wp-openid","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicko170%2Fwp-openid","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicko170%2Fwp-openid/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicko170%2Fwp-openid/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicko170%2Fwp-openid/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nicko170","download_url":"https://codeload.github.com/nicko170/wp-openid/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234418965,"owners_count":18829743,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","openid","openid-connect","openid-connect-client","wordpress","wordpress-admin","wordpress-plugin"],"created_at":"2024-11-17T00:41:43.658Z","updated_at":"2025-09-27T09:31:10.340Z","avatar_url":"https://github.com/nicko170.png","language":"PHP","funding_links":["https://github.com/sponsors/nicko170"],"categories":[],"sub_categories":[],"readme":"# WP-OpenID\n\nA WordPress plugin to authenticate users via a OpenID Provider. This plugin scratches a very specific itch. This plugin\nis very\nsimple and does not do anything other than authenticate users via an OpenID Provider.\n\nThis plugin has been tested with both Keycloak and Okta, but should work with any OpenID Connect provider that supports\nthe Authorization Code flow with PKCE.\n\n![The WordPress Login Page](docs/images/login_page.png?raw=true)\n\n## Installation\n\n1. Download the latest release\n   from [GitHub Releases](https://github.com/nicko170/wp-openid/releases/latest/download/wp-openid.zip)\n2. In WordPress, go to **Plugins** \u003e **Add New** \u003e **Upload Plugin** and upload the zip file.\n3. Activate the plugin.\n4. A new **OpenID** menu item will appear in the WordPress admin Settings menu.\n5. Follow the instructions on the Settings page to configure the plugin.\n\n## Setting up Keycloak\n\n1. If you don't already have a Keycloak\n   instance, [you can run it up in Docker](https://www.keycloak.org/guides#getting-started)\n2. Sign in to your Keycloak instance with your administrator account.\n3. From the Admin dashboard, go to **Clients** \u003e **Create**.\n4. Enter the following values:\n    - **Client Type**: OpenID Connect\n    - **Client ID**: wordpress\n    - **Name**: WordPress\n\n5. Click **Next**, and enable Client Authentication. You can leave the other options as their defaults.\n6. Click **Save**, and set your URLs:\n    - **Root URL**: `https://example.com/`\n    - **Valid Redirect URIs**: `https://example.com/index.php?rest_route=/openid/callback`\n    - **Admin URL**: `https://example.com/wp-admin`\n    - The other URLs can be left as their defaults.\n7. Click **Save**, and copy the **Client ID** and **Client Secret** values from the **Credentials** tab.\n\n## Setting up Okta\n\n1. If you don't already have an Okta account, sign up for free developer account at https://developer.okta.com/signup/\n2. [Sign in to your Okta organization](https://developer.okta.com/login) with your administrator account.\n3. From the Admin dashboard, go to **Applications** \u003e **Applications**.\n4. Click **Create App Integration** and select \"OIDC - OpenID Connect\" as the **Sign-in method**, and \"Web Application\"\n   as the **Application Type**.\n5. Enter the following values:\n    - **Name**: WordPress (or whatever, I don't care)\n    - **Grant type**: Authorization Code\n    - **Sign-in redirect URIs**: `https://example.com/index.php?rest_route=/openid/callback`\n    - **Sign-out redirect URIs**: `https://example.com/`\n6. Click **Save**, and copy the **Client ID** and **Client Secret** values.\n7. If you want to show this application in the Okta Dashboard, click **Edit** on the **General Settings** tab and\n   enter the following values:\n    - **Login initiated by**: Either Okta or App\n    - **Application visibility**: Show in both the Okta End-User Dashboard and the Okta Admin Console\n    - **Initiate login URI**: `https://example.com/index.php?rest_route=/openid/login`\n\n## Configuration\n\nThe plugin requires the following configuration options:\n\n1. Metadata URL (e.g. `https://example.okta.com/.well-known/openid-configuration` or for\n   Keycloak `https://example.com/auth/realms/example/.well-known/openid-configuration`)\n2. Client ID (e.g. `0oa1b2c3d4e5f6g7h8i9j`)\n3. Client Secret (e.g. `0oa1b2c3d4e5f6g7h8i9j0oa1b2c3d4e5f6g7h8i9j`)\n\nYou can set these options via the Settings \u003e Okta page in the WordPress admin, or in your `wp-config.php` file if you\ndon't want them to be editable by other users:\n\n```php\ndefine('WP_OPENID_METADATA_URL', 'https://example.okta.com/.well-known/openid-configuration');\ndefine('WP_OPENID_CLIENT_ID', '0oa1b2c3d4e5f6g7h8i9j');\ndefine('WP_OPENID_CLIENT_SECRET', '0oa1b2c3d4e5f6g7h8i9j0oa1b2c3d4e5f6g7h8i9j');\n```\n\n![Settings Page](docs/images/settings_page.png?raw=true)\n\n## Mapping User Attributes\n\nYou can map user attributes from your OpenID Provider to WordPress user meta fields using the Settings \u003e OpenID page.\n\nThe following WordPress user attributes are supported:\n\n- user_login: The user's login username\n- user_url: The user's website URL\n- user_email: The user's email address\n- display_name: The user's display name\n- nickname: The user's nickname\n- first_name: The user's first name\n- last_name: The user's last name\n\nThe following OpenID Connect attributes are supported:\n\n- sub: The user's unique identifier\n- preferred_username: The user's preferred username\n- name: The user's full name\n- given_name: The user's first name\n- family_name: The user's last name\n- middle_name: The user's middle name\n- nickname: The user's nickname\n- profile: The user's profile page\n- picture: The user's profile picture\n- website: The user's website\n- email: The user's email address\n\n![Attribute Mapping](docs/images/attribute_mapping.png?raw=true)\n\n## User matching is performed by matching:\n\n- The `sub` claim from the ID Token to the `openid_id` meta field on the user\n- The `email` claim from the ID Token to the `user_email` field on the user\n- The `preferred_username` claim from the ID Token to the `user_login` field on the user\n\nIf you have remapped the `email` or `preferred_username` claims, your mapping will be used for user matching, before\nfalling back to `email` and `preferred_username` respectively.\n\nIf a user is not found, a new user will be created with the attributes as mapped in the Settings \u003e OpenID page.\n\n## Security\n\nIf you discover any security related issues, please email me at [nick@npratley.net](mailto:nick@npratley.net) instead of\nusing the issue tracker.\n\n## Credits\n\n- [Nick Pratley](https://github.com/nicko170)\n\n## License\n\nGNU General Public License v3.0\n\nCopyright (c) 2023 Nick Pratley\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnicko170%2Fwp-openid","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnicko170%2Fwp-openid","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnicko170%2Fwp-openid/lists"}