
Getting started #92

Open
flcdrg opened this issue Jul 14, 2023 · 7 comments

Comments

@flcdrg

flcdrg commented Jul 14, 2023

Hi there,

I’m pretty brand new to running/configuring WordPress, so apologies if these questions seem silly. I’ve read the README, but I’m still a bit unclear as to which files I should edit to add the configuration to.

I’ve got WordPress running in a Docker container, so I presume it’s a pretty vanilla install. I’ve created the public and private keys, but I’m not clear which file I should add the `define( 'OIDC_PUBLIC_KEY'` bits to? Is the /index.php appropriate?

For the `add_filter(` lines, it mentions using a functions.php file from a theme. I appear to have three themes preinstalled. Would wp-content/themes/twentytwentyone/functions.php be the appropriate file to append this to?

Am I right to assume that once the plugin is configured correctly, that if my site is running on http://localhost:8080/ that I should be able to hit http://localhost:8080/.well-known/openid-configuration ?

@psrpinto
Member

psrpinto commented Jul 14, 2023

Hi @flcdrg, these are great questions, we probably need to better document this.

The `define( 'OIDC_PUBLIC_KEY'` bits should go in the wp-config.php file. Since you're using docker, you'll probably need to "map" that file from your host machine to the container, using docker volumes.

Concerning the `add_filter(` lines, there are several options for where to add them:

  1. The active theme's functions.php. This means the code only runs if the theme is active.
  2. In a plugin, which means the code will always run (as long as the plugin is enabled), irrespective of which theme is enabled.

So option 2. is probably better since it doesn't depend on which theme is enabled.

You can create a new plugin that has the single purpose of configuring the openid-connect-server plugin:

```php
<?php
// wp-content/plugins/configure-openid/plugin.php

/**
 * Plugin Name: configure-openid
 */

add_filter( 'oidc_registered_clients', 'my_oidc_clients' );
function my_oidc_clients() {
    // ...
}
```

You would also need to "map" the wp-content/plugins/configure-openid/plugin.php file into the container.

I hope this helps, let me know if something isn't clear.

@psrpinto
Member

Opened #93 to improve the docs.

@biguenique

biguenique commented Nov 1, 2023

Here's what I have found so far concerning OIDC clients. Considering the example code:

```php
add_filter( 'oidc_registered_clients', 'my_oidc_clients' );
function my_oidc_clients() {
	return array(
		'client_id_random_string' => array(
			'name' => 'The name of the Client',
			'secret' => 'a secret string',
			'redirect_uri' => 'https://example.com/redirect.uri',
			'grant_types' => array( 'authorization_code' ),
			'scope' => 'openid profile',
		),
	);
}
```

  1. `client_id_random_string` needs to be a unique random string (10 chars minimum), you'll need this on the client side
  2. `name`: Name of the client (any constraints here? I don't know)
  3. `secret` is the shared secret between server and client (I generated one using `php -r "echo bin2hex(random_bytes(32));"`)
  4. `redirect_uri` is provided by the client when configuring the provider there and is application-specific (eg. https://nextcloud.example.com/apps/user_oidc/code, must be HTTPS!)
  5. `grant_types` and `scope`: do not edit these (unless you can?)

You can check the WP Site health for error/success messages from the plugin.

The problem I'm now facing: no matter what I do, the non-REST endpoints on my WordPress site (eg. https://example.com/.well-known/openid-configuration) keep failing with a 404 error. The REST endpoints (eg. https://example.com/wp-json/openid-connect/userinfo) seem to be correctly working, though. What am I doing wrong?

EDIT: Figured the latter problem out. Not related to the plugin.
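Putting the two comments above together, here is a complete configure-openid plugin as an added example (not code from the openid-connect-server plugin or from the thread). It assumes a constant named `MY_OIDC_NEXTCLOUD_SECRET` is defined in wp-config.php and uses a constructed client_id; the filter name and array keys are the ones shown above.

```php
<?php
/**
 * Plugin Name: configure-openid
 * Description: Registers one OIDC client with the openid-connect-server plugin.
 */

// Standard guard: refuse to run when requested directly instead of via WordPress.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

add_filter( 'oidc_registered_clients', 'my_oidc_clients' );

/**
 * Return the registered clients, keyed by client_id.
 *
 * The client secret comes from a constant defined in wp-config.php
 * (MY_OIDC_NEXTCLOUD_SECRET is an assumed name, not a plugin constant),
 * so the secret never lives in the plugin file itself.
 *
 * @param array $clients Clients registered by earlier filters, if any.
 * @return array
 */
function my_oidc_clients( $clients = array() ) {
	// A missing or short secret registers nothing rather than a weak client.
	if ( ! defined( 'MY_OIDC_NEXTCLOUD_SECRET' ) || strlen( MY_OIDC_NEXTCLOUD_SECRET ) < 32 ) {
		return $clients;
	}

	// Constructed client_id: a unique random string, at least 10 characters.
	$clients['9f2c7a1d4e6b8c0a'] = array(
		'name'         => 'Nextcloud',
		'secret'       => MY_OIDC_NEXTCLOUD_SECRET,
		// Must be HTTPS and match the URI the client sends byte for byte.
		'redirect_uri' => 'https://nextcloud.example.com/apps/user_oidc/code',
		'grant_types'  => array( 'authorization_code' ),
		'scope'        => 'openid profile',
	);

	return $clients;
}
```

Map wp-content/plugins/configure-openid/plugin.php into the container and activate the plugin; Site Health then reports whether the client was picked up.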

@jackghicks

For the benefit of future visitors, was the solution to your problem to go into the WordPress Admin, then head to Settings -> Permalinks, and switch to use "Post name" as your Permalink Structure, instead of "Plain"? That's the issue I had! :)

@biguenique

> For the benefit of future visitors, was the solution to your problem to go into the WordPress Admin, then head to Settings -> Permalinks, and switch to use "Post name" as your Permalink Structure, instead of "Plain"? That's the issue I had! :)

That's good to know, but my issue was different.

I was initially trying to set up my OIDC server on the main site of a WordPress multi-site network. The main site is using BuddyBoss Platform and relies on an array of different add-on plugins. For some reason, the non-REST endpoints resulted in a 404 error. So instead of deactivating every plugin one by one to identify which one was interfering, I managed to make the OIDC server work by simply setting it up on a subsite of the network, with minimal plugins activated, and I was good to go!

@MariaMozgunova
Contributor

I installed the OpenID Connect Server plugin on the WordPress website, then followed all the steps from the configuration instructions. But I cannot access /wp-json/openid-connect/userinfo, /wp-json/openid-connect/authorize or /wp-json/openid-connect/token; the response is `{"code":"rest_no_route","message":"No route was found matching the URL and request method.","data":{"status":404}}`.

Looks like the routes are not being registered correctly. I do not have any errors in the log file. The WordPress version is 6.4; I can see that this is untested.

Is there a way for me to get the REST routes working?

@MariaMozgunova
Contributor

For me, the issue was that I defined RSA keys in wp-config.php after the line `require_once ABSPATH . 'wp-settings.php';`. So the RSA keys were not available to the rest of the WordPress website.
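The ordering trap described above, shown as an added wp-config.php excerpt (example code, not from the plugin or the thread). `OIDC_PUBLIC_KEY` is the constant named earlier in this issue; the private-key constant name, the Docker secret path and `MY_OIDC_NEXTCLOUD_SECRET` are assumptions for this example.

```php
<?php
// wp-config.php (excerpt). Everything a plugin must see is defined BEFORE
// wp-settings.php is required, because that line bootstraps WordPress and
// loads every plugin; constants defined after it are invisible to them.

// PEM public key, generated beforehand (placeholder body, not a real key).
define( 'OIDC_PUBLIC_KEY', <<<'KEY'
-----BEGIN PUBLIC KEY-----
...public key here (placeholder)...
-----END PUBLIC KEY-----
KEY
);

// Private key read from a Docker secret mounted into the container (assumed
// constant name and path), so it is not stored in the config file itself.
define( 'OIDC_PRIVATE_KEY', (string) file_get_contents( '/run/secrets/oidc_private.pem' ) );

// Per-client secret consumed by the configure-openid plugin (assumed name);
// (string) turns a missing variable (false) into '' so the plugin rejects it.
define( 'MY_OIDC_NEXTCLOUD_SECRET', (string) getenv( 'OIDC_NEXTCLOUD_SECRET' ) );

/* That's all, stop editing! Happy publishing. */
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}

require_once ABSPATH . 'wp-settings.php';

// Any define() placed below this line reproduces the symptom in the comment
// above: the plugin runs without the keys and its REST routes never register.
```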
