oidc-wp / openid-connect-generic

WordPress plugin to provide an OpenID Connect Generic client
https://wordpress.org/plugins/daggerhart-openid-connect-generic/

OIDC on WordPress APIs using Keycloak [WordPress APIs are open even after activating the plugin] #488

Open Somu60789 opened 1 year ago

Somu60789 commented 1 year ago

Is your feature request related to a problem? Please describe.

As I started my journey as a developer, I found a requirement for OIDC in one of the WordPress applications. Soon I found this plugin. The problem with this plugin is that it won't support authentication and authorisation on WordPress backend APIs. Sometimes there is a requirement that we need to use WordPress APIs in other applications.

Describe the solution you'd like

Can we put WordPress REST APIs under OIDC with Keycloak?

Additional context

When I hit the WordPress APIs to get the data with no auth, it should not give a 200 OK response.

timnolte commented 1 year ago

@Somu60789 it would be helpful to fill out the template with all of the requested details in order to better understand the request. Are you talking about the REST API or XMLRPC, or both?

Somu60789 commented 1 year ago

@timnolte I wanted to use the post API of WordPress [*/wp-json/wp/v2/posts] to fetch the data into my React applications. To use this API, it needs to be under OIDC with Keycloak. I installed and configured the "openid-connect-generic" plugin, but when I hit the API through Postman with no auth it shows 200 OK. Can we have the functionality to validate the Keycloak token before sending the data?

Somu60789 commented 1 year ago

@timnolte I am talking about WordPress REST APIs.

timnolte commented 9 months ago

@Somu60789 I'm not quite sure that this plugin can provide what you are looking for, primarily because this plugin uses the code flow which sends a user to the IDP for authentication. This setup wouldn't work to provide API authentication for an outside application.
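The behaviour requested in this thread (no 200 OK for unauthenticated REST calls, and a Keycloak token checked before data is returned) can be sketched outside the plugin as a small must-use plugin; this is an added example, not code from openid-connect-generic or from anyone in the thread. It uses WordPress's `rest_authentication_errors` filter and OAuth 2.0 token introspection (RFC 7662); the constants `KC_INTROSPECT_URL`, `KC_CLIENT_ID` and `KC_CLIENT_SECRET` and the function name are assumptions, expected to be defined in `wp-config.php` for a confidential Keycloak client.

```php
<?php
// Added example: require a Keycloak access token on REST requests that have
// no WordPress login. Runs at priority 101, after core's cookie/nonce check
// (priority 100), so is_user_logged_in() reflects a nonce-validated session.
add_filter( 'rest_authentication_errors', 'example_require_keycloak_token', 101 );

function example_require_keycloak_token( $result ) {
	// Keep earlier failures, and let real WordPress sessions (wp-admin,
	// block editor, application passwords) through unchanged.
	if ( is_wp_error( $result ) || is_user_logged_in() ) {
		return $result;
	}

	// Some Apache/CGI setups strip this header; it must reach PHP.
	$header = isset( $_SERVER['HTTP_AUTHORIZATION'] )
		? trim( wp_unslash( $_SERVER['HTTP_AUTHORIZATION'] ) ) : '';
	if ( ! preg_match( '/^Bearer\s+(\S+)$/i', $header, $m ) ) {
		return new WP_Error( 'rest_not_logged_in', 'Authentication required.', array( 'status' => 401 ) );
	}

	// Ask the IdP whether the token is still valid (assumed constants).
	$response = wp_remote_post( KC_INTROSPECT_URL, array(
		'timeout' => 5,
		'headers' => array(
			'Authorization' => 'Basic ' . base64_encode( KC_CLIENT_ID . ':' . KC_CLIENT_SECRET ),
		),
		'body'    => array( 'token' => $m[1] ),
	) );

	// Fail closed when the IdP is unreachable or returns an error.
	if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
		return new WP_Error( 'example_idp_unavailable', 'Token could not be verified.', array( 'status' => 503 ) );
	}

	$claims = json_decode( wp_remote_retrieve_body( $response ), true );
	if ( ! is_array( $claims ) || empty( $claims['active'] ) ) {
		return new WP_Error( 'example_invalid_token', 'Token is not active.', array( 'status' => 401 ) );
	}

	// Token accepted. No WordPress user is mapped, so the request proceeds
	// with the same read-only access an anonymous visitor had before.
	return true;
}
```

A deployment would normally also check the introspection response's audience and scope before accepting the token, and cache results briefly to avoid one IdP round trip per request.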