diff --git a/includes/openid-connect-generic-client-wrapper.php b/includes/openid-connect-generic-client-wrapper.php
index b44fb66..3ce53b5 100644
--- a/includes/openid-connect-generic-client-wrapper.php
+++ b/includes/openid-connect-generic-client-wrapper.php
@@ -455,6 +455,9 @@ class OpenID_Connect_Generic_Client_Wrapper {
 * @param $token_response
 */
 function save_refresh_token( $manager, $token, $token_response ) {
+ if ( ! $this->settings->token_refresh_enable ) {
+ return;
+ }
 $session = $manager->get($token);
 $now = current_time( 'timestamp' , true );
 $session[$this->cookie_token_refresh_key] = array(
diff --git a/includes/openid-connect-generic-settings-page.php b/includes/openid-connect-generic-settings-page.php
index 36f37ca..20fd327 100644
--- a/includes/openid-connect-generic-settings-page.php
+++ b/includes/openid-connect-generic-settings-page.php
@@ -161,6 +161,12 @@ class OpenID_Connect_Generic_Settings_Page {
 'type' => 'number',
 'section' => 'client_settings',
 ),
+ 'token_refresh_enable' => array(
+ 'title' => __( 'Enable Refresh Token' ),
+ 'description' => __( 'If checked, support refresh tokens used to obtain access tokens from supported IDPs.' ),
+ 'type' => 'checkbox',
+ 'section' => 'client_settings',
+ ),
 'link_existing_users' => array(
 'title' => __( 'Link Existing Users' ),
 'description' => __( 'If a WordPress account already exists with the same identity as a newly-authenticated user over OpenID Connect, login as that user instead of generating an error.' ),
diff --git a/openid-connect-generic.php b/openid-connect-generic.php
index f9e479a..d2ec7c3 100644
--- a/openid-connect-generic.php
+++ b/openid-connect-generic.php
@@ -277,6 +277,7 @@ class OpenID_Connect_Generic {
 // plugin settings
 'enforce_privacy' => 0,
 'alternate_redirect_uri' => 0,
+ 'token_refresh_enable' => 1,
 'link_existing_users' => 0,
 'redirect_user_back' => 0,
 'redirect_on_logout' => 1,
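Review bot: The early return at the top of save_refresh_token only stops new refresh tokens from being written; a refresh token already stored under `$session[$this->cookie_token_refresh_key]` before the admin switched the option off stays in the session for the rest of its lifetime, and whether the code that later reads that entry also honours `token_refresh_enable` is not visible in this hunk — worth confirming. If disabling is meant to stop refresh entirely, the guard should also drop the stored entry, e.g. (assuming `$manager` is a WP_Session_Tokens instance, as `$manager->get($token)` suggests) `unset( $session[ $this->cookie_token_refresh_key ] ); $manager->update( $token, $session ); return;` after re-reading the session. The docblock above the signature should also state the new early-out, e.g. `* Does nothing when the token_refresh_enable setting is off; the refresh token in $token_response is then discarded.` The body of save_refresh_token continues past the end of this hunk.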
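Review bot: The description string for `token_refresh_enable` does not tell the administrator what turning the option on actually does — that the refresh token issued by the IdP is kept server-side in the WordPress session (see the `$session[$this->cookie_token_refresh_key]` write in the client wrapper) and used to renew access tokens without re-authentication — nor that the option is on by default (the default added in openid-connect-generic.php is `1`). Since this is the only place the admin learns about a stored long-lived credential, a fuller text is warranted, e.g. `'description' => __( 'If checked, the refresh token issued by the IdP is stored in the user session and used to obtain new access tokens without re-authentication. Enabled by default; uncheck if your IdP does not issue refresh tokens.' ),`. The `__()` calls without a text domain match the neighbouring entries, so that is consistent with the existing file.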