From 47ea6d6ec3bae6f96a942791f7d56eade285ffb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karlo=20=C5=A0imunovi=C4=87?= Date: Mon, 2 Dec 2019 13:21:11 +0100 Subject: [PATCH] Add two filters to modify received $token_response and $id_token_claim before validation This is related to daggerhart/openid-connect-generic#155 --- includes/openid-connect-generic-client-wrapper.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/includes/openid-connect-generic-client-wrapper.php b/includes/openid-connect-generic-client-wrapper.php index e3774fe..96769cc 100644 --- a/includes/openid-connect-generic-client-wrapper.php +++ b/includes/openid-connect-generic-client-wrapper.php @@ -298,6 +298,9 @@ class OpenID_Connect_Generic_Client_Wrapper { // get the decoded response from the authentication request result $token_response = $client->get_token_response( $token_result ); + // allow for other plugins to alter data before validation + $token_response = apply_filters( 'openid-connect-modify-token-response-before-validation', $token_response ); + if ( is_wp_error( $token_response ) ){ $this->error_redirect( $token_response ); } @@ -318,7 +321,10 @@ class OpenID_Connect_Generic_Client_Wrapper { // The access_token must be used to prove access rights to protected resources // e.g. for the userinfo endpoint $id_token_claim = $client->get_id_token_claim( $token_response ); - + + // allow for other plugins to alter data before validation + $id_token_claim = apply_filters( 'openid-connect-modify-id-token-claim-before-validation', $id_token_claim ); + if ( is_wp_error( $id_token_claim ) ){ $this->error_redirect( $id_token_claim ); }