Automattic / wp-openid-connect-server

Use OpenID Connect to log in to other webservices using your own WordPress
https://wordpress.org/plugins/openid-connect-server/
GNU General Public License v2.0

Getting started #92

Open flcdrg opened 1 year ago

flcdrg commented 1 year ago

Hi there,

I’m pretty brand new to running/configuring WordPress, so apologies if these questions seem silly. I’ve read the README, but I’m still a bit unclear as to which files I should edit to add the configuration to.

I’ve got WordPress running in a Docker container, so I presume it’s a pretty vanilla install. I’ve created the public and private keys, but I’m not clear which file I should add the define( 'OIDC_PUBLIC_KEY' bits? Is the /index.php appropriate?

For the add_filter( lines, it mentions using a functions.php file from a theme. I appear to have three themes preinstalled. Would wp-content/themes/twentytwentyone/functions.php be the appropriate file to append this to?

Am I right to assume that once the plugin is configured correctly, that if my site is running on http://localhost:8080/ that I should be able to hit http://localhost:8080/.well-known/openid-configuration ?

psrpinto commented 1 year ago

Hi @flcdrg, these are great questions, we probably need to better document this.

The define( 'OIDC_PUBLIC_KEY' bits should go in the wp-config.php file. Since you're using docker, you'll probably need to "map" that file from your host machine to the container, using docker volumes.

Concerning the add_filter( lines, there are several options for where to add them:

  1. The active theme's functions.php. This means the code only runs if the theme is active.
  2. In a plugin, which means the code will always run (as long as the plugin is enabled), irrespective of which theme is enabled.

So option 2. is probably better since it doesn't depend on which theme is enabled.

You can create a new plugin that has the single purpose of configuring the openid-connect-server plugin:

// wp-content/plugins/configure-openid/plugin.php
<?php
/**
 * Plugin Name: configure-openid
 */

// Hook into the openid-connect-server filter that supplies the client list.
add_filter( 'oidc_registered_clients', 'my_oidc_clients' );
function my_oidc_clients() {
    // ...
}

You would also need to "map" the wp-content/plugins/configure-openid/plugin.php file into the container.

I hope this helps, let me know if something isn't clear.

psrpinto commented 1 year ago

Opened https://github.com/Automattic/wp-openid-connect-server/issues/93 to improve the docs.

biguenique commented 1 year ago

Here's what I have found so far concerning OIDC clients. Considering the example code:

add_filter( 'oidc_registered_clients', 'my_oidc_clients' );
function my_oidc_clients() {
    return array(
        'client_id_random_string' => array(
            'name' => 'The name of the Client',
            'secret' => 'a secret string',
            'redirect_uri' => 'https://example.com/redirect.uri',
            'grant_types' => array( 'authorization_code' ),
            'scope' => 'openid profile',
        ),
    );
}
  1. client_id_random_string needs to be a unique random string (10 chars minimum), you'll need this on the client side
  2. name: Name of the client (any constraints here? I don't know)
  3. secret is the shared secret between server and client (I generated one using php -r "echo bin2hex(random_bytes(32));")
  4. redirect_uri is provided by the client when configuring provider there and is application-specific (eg. https://nextcloud.example.com/apps/user_oidc/code, must be HTTPS!)
  5. grant_types and scope: do not edit these (unless you can?)

You can check the WP Site health for error/success messages from the plugin.

The problem I'm now facing: no matter what I do, the non-REST endpoints on my WordPress site (eg. https://example.com/.well-known/openid-configuration) keep failing with a 404 error. The REST endpoints (eg. https://example.com/wp-json/openid-connect/userinfo) seem to be correctly working, though. What am I doing wrong?

EDIT: Figured the latter problem out. Not related to the plugin.
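A fuller version of the configuration plugin sketched in this thread, added here as an example (it is not code from the openid-connect-server project). It keeps the client secret out of the plugin file by reading it from a constant in wp-config.php (the constant name OIDC_NEXTCLOUD_SECRET and the client id are this example's own, constructed placeholders) and enforces the constraints listed above before registering a client.

```php
<?php
/**
 * Plugin Name: configure-openid
 * Description: Registers OIDC clients for openid-connect-server (added example).
 */

// Secrets live in wp-config.php as constants, so this file can be committed
// without credentials. The constant name is this example's own convention.
add_filter( 'oidc_registered_clients', 'configure_openid_clients' );
function configure_openid_clients( array $clients ) {
    $candidates = array(
        // client_id => settings; id and redirect host are constructed placeholders.
        'nextcloud_8f3a2c9d1e' => array(
            'name'         => 'Nextcloud',
            'secret'       => defined( 'OIDC_NEXTCLOUD_SECRET' ) ? OIDC_NEXTCLOUD_SECRET : '',
            'redirect_uri' => 'https://nextcloud.example.com/apps/user_oidc/code',
            'grant_types'  => array( 'authorization_code' ),
            'scope'        => 'openid profile',
        ),
    );

    foreach ( $candidates as $client_id => $client ) {
        $problems = configure_openid_validate( $client_id, $client );
        if ( $problems ) {
            // Log and skip rather than register a half-configured client.
            error_log( 'configure-openid: skipping ' . $client_id . ': ' . implode( '; ', $problems ) );
            continue;
        }
        $clients[ $client_id ] = $client;
    }
    return $clients;
}

// Checks the constraints noted in this thread: a client id of at least
// 10 characters, a non-empty secret, and an https redirect URI.
function configure_openid_validate( $client_id, array $client ) {
    $problems = array();
    if ( strlen( $client_id ) < 10 ) {
        $problems[] = 'client_id shorter than 10 characters';
    }
    if ( empty( $client['secret'] ) ) {
        $problems[] = 'secret is empty (define the constant in wp-config.php)';
    }
    if ( 'https' !== parse_url( $client['redirect_uri'], PHP_URL_SCHEME ) ) {
        $problems[] = 'redirect_uri must use https';
    }
    return $problems;
}
```

Skipped clients show up in the PHP error log, and the plugin's own status in WP Site Health still applies once the client is accepted.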

jackghicks commented 11 months ago

For the benefit of future visitors, was the solution to your problem to go into the WordPress Admin, then head to Settings -> Permalinks, and switch to use "Post name" as your Permalink Structure, instead of "Plain"? That's the issue I had! :)

biguenique commented 11 months ago

> For the benefit of future visitors, was the solution to your problem to go into the WordPress Admin, then head to Settings -> Permalinks, and switch to use "Post name" as your Permalink Structure, instead of "Plain"? That's the issue I had! :)

That's good to know, but my issue was different.

I was initially trying to set up my OIDC server on the main site of a WordPress multi-site network. The main site is using BuddyBoss Platform and relies on an array of different add-on plugins. For some reason, the non-REST endpoints resulted in a 404 error. So instead of deactivating every plugin one by one to identify which one was interfering, I managed to make the OIDC server work by simply setting it up on a subsite of the network, with minimal plugins activated, and I was good to go!

MariaMozgunova commented 9 months ago

I installed the OpenID Connect Server plugin to the WordPress website, then followed all the steps from the configuration instruction, but I can not access /wp-json/openid-connect/userinfo, /wp-json/openid-connect/authorize and /wp-json/openid-connect/token, with the response being {"code":"rest_no_route","message":"No route was found matching the URL and request method.","data":{"status":404}}. Looks like the routes are not being registered correctly. I do not have any errors in the log file. The WordPress version is 6.4; I can see that this is untested.

Is there a way for me to get the REST routes working?

MariaMozgunova commented 9 months ago

For me, the issue was that I defined RSA keys in wp-config.php after the line require_once ABSPATH . 'wp-settings.php';. So the RSA keys were not available to the rest of the WordPress website.
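A wp-config.php excerpt showing the ordering that avoids the problem described above, added as an example rather than taken from the plugin's docs. The file paths are an assumption (keep the PEM files outside the web root), and OIDC_PRIVATE_KEY is assumed to be the companion constant to the OIDC_PUBLIC_KEY mentioned earlier in this thread.

```php
<?php
// wp-config.php (excerpt): only the OIDC-related lines and the settings include.

// Both constants must be defined BEFORE wp-settings.php is required; anything
// defined after that line is invisible to plugins, which load from within it.
// Paths are this example's assumption; store the keys outside the web root.
define( 'OIDC_PUBLIC_KEY', file_get_contents( '/etc/wordpress/oidc/public.pem' ) );
define( 'OIDC_PRIVATE_KEY', file_get_contents( '/etc/wordpress/oidc/private.pem' ) );

// Fail early and loudly if a key file could not be read, instead of letting
// the plugin silently run without keys and return 404 on its routes.
if ( false === OIDC_PUBLIC_KEY || false === OIDC_PRIVATE_KEY ) {
    error_log( 'wp-config: OIDC key file missing or unreadable' );
}

/* That's all, stop editing! Happy publishing. */
if ( ! defined( 'ABSPATH' ) ) {
    define( 'ABSPATH', __DIR__ . '/' );
}

// Anything placed below this line runs too late for the plugin to see it.
require_once ABSPATH . 'wp-settings.php';
```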