oidc-wp / openid-connect-generic

WordPress plugin to provide an OpenID Connect Generic client
https://wordpress.org/plugins/daggerhart-openid-connect-generic/

Add a filter / feature to login using rememberme, which allows longer valid login cookies #512

Closed menno-ll closed 6 months ago

menno-ll commented 7 months ago

Is your feature request related to a problem? Please describe.
For a client we have a news website, with a paywall, stuff like that. Their customers need to log in using this openid connection, so they can view the paid content. However, they are logged out every time they close their browser, or after 2 days. This all will lead to a degraded user experience, and a loss of paid customers.

Describe the solution you'd like
A clear and concise description of what you want to happen. I would like this plugin to add the option to enable using rememberme logins, which allows extending the session time. I would also like the plugin to set the WP login cookie expiration to the same length as the IDP session.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered. I've tried using the auth_cookie_expiration at this moment in time, however this does not work fully. It only changes the length a cookie is valid, but it will still be invalidated after the browser is closed. For this to be modified, rememberme login needs to be used.

Additional context
I will attempt to create a PR for you which includes this feature, which can be enabled using a filter.

timnolte commented 7 months ago

FYI, the plugin is controlled by the IDP session length. This is not related to a cookie.

menno-ll commented 7 months ago

As far as I can see, the IDP session length has no influence at all on the length of the WP login cookie that is set here and here.

If I am correct, this would in the current state result in WordPress logging in the user for the current session, with a max time of 2 days. Or am I missing something here? If so, could you please point me to the code handling the IDP session length while logging in the user in WP?

menno-ll commented 7 months ago

The PR https://github.com/oidc-wp/openid-connect-generic/pull/513 I've created is now finished; hopefully this will clarify what I am trying to accomplish.

menno-ll commented 7 months ago

Also created PR https://github.com/oidc-wp/openid-connect-generic/pull/514, which sets the wp user cookie expiration to the value of the refresh token expiration.
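
Added example (not part of the thread, and not the code from PR 513 or 514): a sketch of tying the WordPress auth cookie lifetime to the refresh token expiry through the core `auth_cookie_expiration` filter, with a floor and a ceiling so a missing or oversized IdP value cannot produce an unbounded session. The user meta key, the constants and the function name are hypothetical; the example assumes the refresh token's expiry is stored per user as a Unix timestamp.

```php
<?php
// Added example, not the plugin's code. Hypothetical meta key: assumes the
// refresh token expiry is stored per user as a Unix timestamp.
const EXAMPLE_REFRESH_EXPIRY_META = 'example_oidc_refresh_expires_at';
const EXAMPLE_MIN_LIFETIME = 300;      // floor: 5 minutes
const EXAMPLE_MAX_LIFETIME = 1209600;  // ceiling: 14 days, the core remember-me default

/**
 * Lifetime in seconds for the WordPress auth cookie.
 * Unknown expiry keeps the core default (capped); a known expiry is
 * clamped to [EXAMPLE_MIN_LIFETIME, EXAMPLE_MAX_LIFETIME].
 */
function example_cookie_lifetime(int $default, ?int $refresh_expires_at, int $now): int {
    if ($refresh_expires_at === null) {
        return min($default, EXAMPLE_MAX_LIFETIME);
    }
    // An already expired token yields 0 remaining, so the floor applies.
    $remaining = max(0, $refresh_expires_at - $now);
    return max(EXAMPLE_MIN_LIFETIME, min($remaining, EXAMPLE_MAX_LIFETIME));
}

// Only register the hook when running inside WordPress.
if (function_exists('add_filter')) {
    // Core passes the default lifetime, the user ID and the remember flag.
    add_filter('auth_cookie_expiration', function ($length, $user_id, $remember) {
        if (!$remember) {
            // Without remember-me the browser gets a session cookie, so a
            // longer server-side validity would not survive a browser restart.
            return $length;
        }
        $stored = get_user_meta($user_id, EXAMPLE_REFRESH_EXPIRY_META, true);
        $expires_at = is_numeric($stored) ? (int) $stored : null;
        return example_cookie_lifetime((int) $length, $expires_at, time());
    }, 10, 3);
}
```

The ceiling matters on the defensive side: a WordPress cookie that outlives the IdP session stays valid after the IdP has revoked or expired the user's access.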

timnolte commented 5 months ago

@menno-ll a release with this work has now been published to the WP.org repository.

menno-ll commented 5 months ago

Thank you @timnolte, have a good day!