search

oidc-wp / openid-connect-generic

WordPress plugin to provide an OpenID Connect Generic client
https://wordpress.org/plugins/daggerhart-openid-connect-generic/
261 stars 155 forks source link

How use ENV variables to define other settings keys not exposed (non standard & plugin settings) #517

Open f-leclere opened 9 months ago

f-leclere commented 9 months ago

Hi, thank's for this oidc plugin.

to automate fully website deployment, how is it possible to define other settings (below list) using ENV ?

need of ENV definition for settings keys:

            // Non-standard settings.
            'no_sslverify'    => 0,
            'http_request_timeout' => 5,
            'identity_key'    => 'preferred_username',
            'nickname_key'    => 'preferred_username',
            'email_format'       => '{email}',
            'displayname_format' => '',
            'identify_with_username' => false,

            // Plugin settings.
            'alternate_redirect_uri' => 0,
            'token_refresh_enable' => 1,
            'enable_logging'  => 0,
            'log_limit'       => 1000,

Regards

timnolte commented 9 months ago

Given the nonsensitive nature of those settings I haven't felt the need to make those available in the ENV as I generally end up thinking of just using the WP-CFM plugin and these settings are committed to configuration that is deployed and loaded as part of a deployment.

https://wordpress.org/plugins/wp-cfm/

I'll have to double check elsewhere as some of those might have hooks that could be used to set them from ENV. For those not available we'll have to expand the ENV support with additional code changes.

f-leclere commented 9 months ago

thanks for wp-cfm link, i'll take a look on.

for more explainations, our context is containers with gitops deployment process (w/o any interruption), we're using ci/cd, kustomize/kapp or ArgoCd/Flux to deploy. Website deployment is using ENV vars, PHP_define and wp-cli actions. Config values and secret are centralized in secure vault and inserted as ENV.

timnolte commented 9 months ago

@f-leclere yep, totally get it, we do something similar which is actually why I originally submitted the changes for the plugin before I took over primary maintenance to add ENV support for most of the settings. It shouldn't actually take much to get those additional settings covered so I'll take a look at that.