You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

6.2 KiB

OpenId Connect Generic Changelog

3.8.3

  • Fix: @timnolte - Fixed problems with proper redirect handling.
  • Improvement: @timnolte - Changes redirect handling to use State instead of cookies.
  • Improvement: @timnolte - Refactored additional code to meet coding standards.

3.8.2

  • Fix: @timnolte - Fixed reported XSS vulnerability on WordPress login screen.

3.8.1

  • Fix: @timnolte - Prevent SSO redirect on password protected posts.
  • Fix: @timnolte - CI/CD build issues.
  • Fix: @timnolte - Invalid redirect handling on logout for Auto Login setting.

3.8.0

  • Feature: @timnolte - Ability to use 6 new constants for setting client configuration instead of storing in the DB.
  • Improvement: @timnolte - NPM version requirements for development.
  • Improvement: @timnolte - Travis CI build fixes.
  • Improvement: @timnolte - GrumPHP configuration updates for code contributions.
  • Improvement: @timnolte - Refactored to meet WordPress coding standards.
  • Improvement: @timnolte - Refactored to provide localization.
  • Improvement: @timnolte - Refactored to provide a Docker-based local development environment.

3.7.1

  • Fix: Release Version Number.

3.7.0

  • Feature: @timnolte - Ability to enable/disable token refresh. Useful for IDPs that don't support token refresh.
  • Feature: @timnolte - Support custom redirect URL(redirect_to) with the authentication URL & login button shortcodes.
    • Supports additional attribute overrides including login button_text, endpoint_login, scope, redirect_uri.

3.6.0

  • Improvement: @RobjS - Improved error messages during login state failure.
  • Improvement: @RobjS - New developer filter for login form button URL.
  • Fix: @cs1m0n - Only increment username during new user creation if the "Link existing user" setting is enabled.
  • Fix: @xRy-42 - Allow periods and spaces in usernames to match what WordPress core allows.
  • Feature: @benochen - New setting named "Create user if does not exist" determines whether new users are created during login attempts.
  • Improvement: @flat235 - Username transliteration and normalization.

3.5.1

  • Fix: @daggerhart - New approach to state management using transients.

3.5.0

  • Readme fix: @thijskh - Fix syntax error in example openid-connect-generic-login-button-text
  • Feature: @slavicd - Allow override of the plugin by posting credentials to wp-login.php
  • Feature: @gassan - New action on use login
  • Fix: @daggerhart - Avoid double question marks in auth url query string
  • Fix: @drzraf - wp-cli bootstrap must not inhibit custom rewrite rules
  • Syntax change: @mullikine - Change PHP keywords to comply with PSR2

3.4.1

  • Minor documentation update and additional error checking.

3.4.0

  • Feature: @drzraf - New filter hook: ability to filter claim and derived user data before user creation.
  • Feature: @anttileppa - State time limit can now be changed on the settings page.
  • Fix: @drzraf - Fix PHP notice when using traditional login, $token_response may be empty.
  • Fix: @drzraf - Fixed a notice when cookie does not contain expected redirect_url

3.3.1

  • Prefixing classes for more efficient autoloading.
  • Avoid altering global wp_remote_post() parameters.
  • Minor metadata updates for wp.org

3.3.0

  • Fix: @pjeby - Handle multiple user sessions better by using the WP_Session_Tokens object. Predecessor to fixes for multiple other issues: #49, #50, #51

3.2.1

  • Bug fix: @svenvanhal - Exit after issuing redirect. Fixes #46

3.2.0

  • Feature: @robbiepaul - trigger core action wp_login when user is logged in through this plugin
  • Feature: @moriyoshi - Determine the WP_User display name with replacement tokens on the settings page. Tokens can be any property of the user_claim.
  • Feature: New setting to set redirect URL when session expires.
  • Feature: @robbiepaul - New filter for modifying authentication URL
  • Fix: @cedrox - Adding id_token_hint to logout URL according to spec
  • Bug fix: Provide port to the request header when requesting the user_claim

3.1.0

  • Feature: @rwasef1830 - Refresh tokens
  • Feature: @rwasef1830 - Integrated logout support with end_session endpoint
  • Feature: May use an alternate redirect_uri that doesn't rely on admin-ajax
  • Feature: @ahatherly - Support for IDP behind reverse proxy
  • Bug fix: @robertstaddon - case insensitive check for Bearer token
  • Bug fix: @rwasef1830 - "redirect to origin when auto-sso" cookie issue
  • Bug fix: @rwasef1830 - PHP Warnings headers already sent due to attempts to redirect and set cookies during login form message
  • Bug fix: @rwasef1830 - expire session when access_token expires if no refresh token found
  • UX fix: @rwasef1830 - Show login button on error redirect when using auto-sso

3.0.8

  • Feature: @wgengarelly - Added openid-connect-generic-update-user-using-current-claim action hook allowing other plugins/themes to take action using the fresh claims received when an existing user logs in.

3.0.7

  • Bug fix: @wgengarelly - When requesting userinfo, send the access token using the Authorization header field as recommended in section 5.3.1 of the specs.

3.0.6

  • Bug fix: @robertstaddon - If "Link Existing Users" is enabled, allow users who login with OpenID Connect to also log in with WordPress credentials

3.0.5

  • Feature: @robertstaddon - Added [openid_connect_generic_login_button] shortcode to allow the login button to be placed anywhere
  • Feature: @robertstaddon - Added setting to "Redirect Back to Origin Page" after a successful login instead of redirecting to the home page.

3.0.4

  • Feature: @robertstaddon - Added setting to allow linking existing WordPress user accounts with newly-authenticated OpenID Connect login

3.0.3

  • Using WordPresss's is_ssl() for setcookie()'s "secure" parameter
  • Bug fix: Incrementing username in case of collision.
  • Bug fix: Wrong error sent when missing token body

3.0.2

  • Added http_request_timeout setting

3.0.1

  • Finalizing 3.0.x api

3.0

  • Complete rewrite to separate concerns
  • Changed settings keys for clarity (requires updating settings if upgrading from another version)
  • Error logging

2.1

  • Working my way closer to spec. Possible breaking change. Now checking for preferred_username as priority.
  • New username determination to avoid collisions

2.0

Complete rewrite