OpenID Connect Server Icon

OpenID Connect Server

By Automattic

Download

Active Installs

70+

Last Updated

April 17, 2025

First Released

October 31, 2022

Download History (Last one month)


Contributors

wordpressdotorg wordpressdotorg
akirk akirk
ashfame ashfame
psrpinto psrpinto

With this plugin you can use your own WordPress install to authenticate with a webservice that provides OpenID Connect to implement Single-Sign On (SSO) for your users.

The plugin is currently only configured using constants and hooks as follows:

Define the RSA keys

If you don’t have keys that you want to use yet, generate them using these commands:

openssl genrsa -out oidc.key 4096
openssl rsa -in oidc.key -pubout -out public.key

And make them available to the plugin as follows (this needs to be added before WordPress loads):

define( 'OIDC_PUBLIC_KEY', <<<OIDC_PUBLIC_KEY
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
OIDC_PUBLIC_KEY
);

define( 'OIDC_PRIVATE_KEY', <<<OIDC_PRIVATE_KEY
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
OIDC_PRIVATE_KEY
);

Alternatively, you can also put them outside the webroot and load them from the files like this:

define( 'OIDC_PUBLIC_KEY', file_get_contents( '/web-inaccessible/oidc.key' ) );
define( 'OIDC_PRIVATE_KEY', file_get_contents( '/web-inaccessible/private.key' ) );

Define the clients

Define your clients by adding a filter to oidc_registered_clients in a separate plugin file or functions.php of your theme or in a MU-plugin like:

add_filter( 'oidc_registered_clients', 'my_oidc_clients' );
function my_oidc_clients() {
    return array(
        'client_id_random_string' => array(
            'name' => 'The name of the Client',
            'secret' => 'a secret string',
            'redirect_uri' => 'https://example.com/redirect.uri',
            'grant_types' => array( 'authorization_code' ),
            'scope' => 'openid profile',
        ),
    );
}

Exclude URL from caching

  • example.com/wp-json/openid-connect/userinfo: We implement caching exclusion measures for this endpoint by setting Cache-Control: 'no-cache' headers and defining the DONOTCACHEPAGE constant. If you have a unique caching configuration, please ensure that you manually exclude this URL from caching.

Github Repo

You can report any issues you encounter directly on Github repo: Automattic/wp-openid-connect-server

No installation instructions provided.

No FAQ provided.

Changelog

2.0.0

  • [Breaking] Add a configuration option to support clients that don’t require consent #118 props @lart2150
  • Make client_id and client_secret optional for the token endpoint #116 props @lart2150
  • Update expected args specs for token endpoint as per OIDC spec #117

1.3.4

  • Add the autoloader to the uninstall script #111 props @MariaMozgunova

1.3.3

  • Fix failing login when Authorize form is non-English [#108]
  • Improvements in site health tests for key detection [#104][#105]

1.3.2

  • Prevent userinfo endpoint from being cached [#99]

1.3.0

  • Return display_name as the name property [#87]
  • Change text domain to openid-connect-server, instead of wp-openid-connect-server [#88]

1.2.1

  • No user facing changes

1.2.0

  • Add oidc_user_claims filter [#82]

Available Versions

Version Download Type
2.0.0 Download Stable
1.3.4 Download Stable
1.3.3 Download Stable
1.3.2 Download Stable
1.3.1 Download Stable
1.3.0 Download Stable
1.2.1 Download Stable
1.1.1 Download Stable
1.1.0 Download Stable
1.0 Download Stable
Development Download Trunk

Plugin Info

  • Version: 2.0.0
  • Last Updated: April 17, 2025
  • Active Installs: 70+
  • WordPress Version: 6.0 or higher
  • Tested up to: 6.8.2
  • PHP Version: 7.4 or higher
  • Tags:    
    oauth oauth-server oidc openid openid-connect

Ratings


0.0 out of 5 stars. (0 reviews)

See all reviews

Quick Live Demo

Reports & Analysis

Security Scan

Developer Resources

Useful Links

Scroll to Top