Merge pull request #199 from timnolte/feature/disable-refresh-token

Adds Option to Enable/Disable Token Refresh.
5 years ago · 42a7163160
parent 783b2108b2 1c8a9d166c
commit 42a7163160
3 changed files with 10 additions and 0 deletions
--- a/includes/openid-connect-generic-client-wrapper.php
+++ b/includes/openid-connect-generic-client-wrapper.php
@ -457,6 +457,9 @@ class OpenID_Connect_Generic_Client_Wrapper {
 	 * @param $token_response
 	 */
 	function save_refresh_token( $manager, $token, $token_response ) {
+		if ( ! $this->settings->token_refresh_enable ) {
+			return;
+		}
 		$session = $manager->get($token);
 		$now = current_time( 'timestamp' , true );
 		$session[$this->cookie_token_refresh_key] = array(
--- a/includes/openid-connect-generic-settings-page.php
+++ b/includes/openid-connect-generic-settings-page.php
@ -161,6 +161,12 @@ class OpenID_Connect_Generic_Settings_Page {
 				'type'        => 'number',
 				'section'     => 'client_settings',
 			),
+			'token_refresh_enable'   => array(
+				'title'       => __( 'Enable Refresh Token' ),
+				'description' => __( 'If checked, support refresh tokens used to obtain access tokens from supported IDPs.' ),
+				'type'        => 'checkbox',
+				'section'     => 'client_settings',
+			),
 			'link_existing_users'   => array(
 				'title'       => __( 'Link Existing Users' ),
 				'description' => __( 'If a WordPress account already exists with the same identity as a newly-authenticated user over OpenID Connect, login as that user instead of generating an error.' ),
--- a/openid-connect-generic.php
+++ b/openid-connect-generic.php
@ -279,6 +279,7 @@ class OpenID_Connect_Generic {
 				// plugin settings
 				'enforce_privacy' => 0,
 				'alternate_redirect_uri' => 0,
+				'token_refresh_enable' => 1,
 				'link_existing_users' => 0,
 				'create_if_does_not_exist' => 1,
 				'redirect_user_back' => 0,