Commit Graph

239 Commits (7560701348e004f09df7c831d0703e0bcc173ca2)
 

Author SHA1 Message Date
Jonathan Daggerhart c73d9f6956 new setting allows administrator to determine if users should be redirected when their access token expires.
skidos 059d672de2 Update openid-connect-generic-client-wrapper.php
Add id_token_hint to end session logout redirect url 
http://openid.net/specs/openid-connect-session-1_0.html#RPLogout
Jonathan Daggerhart cdf2629aa3 Merge pull request from robbiepaul/dev
Authentication URL can be modified
Robbie Paul 69a431793f Authentication URL can be modified
Some OpenID Connect providers offer additional functionality by adding
query params to the authentication URL

For example with Azure Active Directory if you pass in
`&domain_hint=REALM` you can customise the way the login screen looks
with your corporate logo etc
Jonathan Daggerhart b64fab27be breaking out changelog into its own file, providing attribution to users that have helped with issues and prs
Jonathan Daggerhart 814a7e6ca7 Merge pull request from robbiepaul/dev
Calls the wp_login action at the end of the login flow
Robbie Paul 82162ec753 Escape the error message
* This commit prevents a possible reflected XSS
Robbie Paul 672d7292e2 Include wp_login action after auth cookie is set
* Many plugins will hook in to this action, it should be at the end of any
  WordPress login flow
* See: https://core.trac.wordpress.org/browser/tags/4.7.3/src/wp-includes/user.php#L104
Jonathan Daggerhart b8ad2dd560 updating version and readmes
Jonathan Daggerhart 61c549189c adding port to the request headers per issue
Jonathan Daggerhart 14133138a7 some method annotation corrections, and minor settings page typos
Jonathan Daggerhart 54c43eb2b9 Merge pull request from opencollector/moriyoshi/more-flexible-identity-settings
More flexible identity settings.
Moriyoshi Koizumi 0bbfc3437f More flexible identity settings.
Jonathan Daggerhart e723799397 updating change log with new reverse proxy support feature
Jonathan Daggerhart 4866765768 Merge pull request from ahatherly/master
Set the Host header on http requests to openid-connect endpoint
Adam Hatherly 2281246816 Set the Host header on http requests to openid-connect endpoint so it works behind a reverse proxy
Jonathan Daggerhart e7f390477c fixing error on php 5.4
Jonathan Daggerhart e4b1340dff updating readmes for alternate redirect_uri
Jonathan Daggerhart 14d0ec44f6 Allow for the use of an alternate authentication route (redirect_uri) as opposed to the default admin-ajax method
Jonathan Daggerhart 0dc448fee5 clean up autoloader, default settings values, and validate refresh token result before attempting response
Jonathan Daggerhart aafb5f7a2c minor logger and settings page documentation improvements
Jonathan Daggerhart 6e9790c221 adding comments on new functions
Jonathan Daggerhart 403aa6ddeb changing next-version number to represent new features in the update
Jonathan Daggerhart 9992960752 updating plugin version and readme files
Jonathan Daggerhart 37579f7a90 Merge pull request from rwasef1830/oidc_integrated_logout
OpenID Connect end_session_endpoint integrated logout support
Raif Atef 69930fcd3c OpenID Connect end_session_endpoint integrated logout support.
Jonathan Daggerhart 0f2d8fc5a8 moving auto login redirect to a method that fires during hook init
Jonathan Daggerhart ef97d0b8b8 Merge pull request from rwasef1830/keep_oidc_button_on_login_with_error
In case of an error redirect and auto sso, keep the button and hide the normal form
Raif Atef c377e50cfa In case of an error redirect and auto sso, keep the openid connect button and hide the login form.
Jonathan Daggerhart fede005f1f fix autoloader for diff environments, use wp_remote_post instead of ‘get’, and move cookie setting to hook init
Jonathan Daggerhart bf60b37f7e Merge pull request from rwasef1830/handle_optional_refresh_token
If IdP doesn't issue a refresh token, expire the session when the access token expires
Raif Atef 38f78cc274 If IdP doesn't issue a refresh token, expire the session when the access token expires.
Jonathan Daggerhart 2655668089 Merge pull request from rwasef1830/fix_redirect_to_origin_for_error_redirect
Working to fix "redirect to origin" for error redirect
Raif Atef 2ff33dba41 Move redirect cookie set earlier to save origin on error redirect and clear it during the redirect.
Robert Staddon 954b72848f Merge pull request from rwasef1830/refresh_token_support
Refresh tokens when needed instead of logging out when access_token expires
Raif Atef a47f6d2bfc Refresh tokens when needed instead of logging out when access_token expires.
- refresh_token + access_token expiry is sent via encrypted cookie to the browser.
- If cookie is missing or invalid, user is logged out.
- If last access token expired, use refresh token to fetch a new one and send a new cookie.
- If token refresh fails, user is logged out.
- Cookie encryption is with per-user random key stored in user meta.
- Encryption and key generation done using https://github.com/defuse/php-encryption
- Updated autoloader function to support loading namespaced classes.
Robert Staddon 29c223c606 Merge pull request from daggerhart/master
Make token_type check in validate_token_response case-insensitive (Fixes issue ).
Robert Staddon 5d0ad04123 Merge pull request from rwasef1830/token_type_case_insensitive
Fix issue 
Raif Atef d8a043a6c7 Make token_type check in validate_token_response case-insensitive (Fixes issue ).
Robert Staddon f2d2a8083b Merge pull request from wgengarelly/master
Added hook for existing user login allowing others to take action using updated claims
wgengarelly 257216e148 Added [openid-connect-generic-update-user-using-current-claim] action hook allowing other plugins/themes
to take action using the fresh claims received when an existing user logs in.
Robert Staddon 1c471f84ed Merge pull request from wgengarelly/master
Send access token in the Authorization header when requesting user info
wgengarelly 08d9f58d0d When requesting userinfo, send the access token using the Authorization header field as recommended in section 5.3.1 of the specs.
Robert Staddon 1002943a22 Merge pull request from robertstaddon/master
Allow users to login with WP account after using OpenID Connect
Robert Staddon 960f475aad Update readme and version numbers for 3.0.6
Robert Staddon db32baa60e Allow users to login with WP account after using OpenID Connect
Resolve a bug that prevented users from logging in with their WordPress
credentials after having logged in via OpenID Connect.
Robert Staddon 326a2cd213 Merge remote-tracking branch 'refs/remotes/daggerhart/master'
Robert Staddon e2ab1b18d8 Merge pull request from robertstaddon/master
Add OpenID Connect button shortcode for insertion on any login form
Robert Staddon f5c5ff8908 Add an action hook before the redirect
Robert Staddon 74153ec363 Support "redirect_to" parameter on login page