openid-connect-generic
openid-connect-generic copied to clipboard
oidc-wp
Use a dedicated openid client library
OpenID provides pointers to existing implementations:
- https://github.com/openid/php-openid
- for both server and client
- Apache-licensed
- tests
- maintained.
- https://github.com/jumbojett/OpenID-Connect-PHP
- client-only
- Apache-licensed
- simple
- maintained
It may be worth considering whether client code advantageously replace the OpenID-aspects of current one (session refresh, endpoint autodetection, ...)
@drzraf Thanks for this. I agree, and will add this consideration to the 4.x roadmap
I would second this in principal, but would hardly consider php-openid "maintained" - last release in 2015, last commit over a year ago!
The jumbojett client looks promising, but is not compliant with the standard yet.
OpenId Connect clients for PHP seem to be woefully lacking!
That's a very mature library, but important to note that it is OAuth2, not specifically OpenId Connect.
@yrammos is generic OAuth2 a good idea for this plugin? It's title suggests it is specifically OpenId Connect. I think there a plenty of OAuth2 libs and plugins, but OpenId Connect has very specific requirements and is distinctly about authentication, when OAuth2 is just authorization.
@daggerhart would be good to know your thoughts
@spikyjt I'm sorry for my elliptical comment, which warrants your question. You see, there is no open-source or even reasonably-priced OAuth2 client for WordPress right now and this is the closest project that I was able to locate. If it is outside your purview, of course, I'll have to rest my case… Thanks.
@yrammos no apology needed! I wasn't aware Wordpress was lacking this, as there are so many PHP libs for OAuth2, I assumed there must be a plugin. Anyway, the question is really for @daggerhart who owns this project and can decide what his intentions for it are/were.
https://github.com/openid/php-openid has been updated in the last 4-5 months so it does seem to still be maintained.
Unfortunately, the openid/php-openid package appears to be no longer maintained. It still seems like https://packagist.org/packages/jumbojett/openid-connect-php is probably the best solution so long as it continues to get updates.
Doing some general Packagist searching it's possible that this Yii package might be able to be leveraged.
https://github.com/yiisoft/yii2-authclient
It has way more functionality in it beyond what this plugin is intended to provide so I'm not sure it's the right fit or not.
https://oauth2-client.thephpleague.com/
This may be a partial functionality solution but it doesn't provide any strictly OpenID Connect functionality. I'm sort of partial to perhaps the Yii library as it also provides OpenID Connect functionality along with the required oAuth functionality. There is a part of me that is tempted to fork the official certified PHP library and bring it up to modern PHP standards but I don't have unlimited time and that would take away from the time I do have to get through all of the items in the Issues and PRs.
There is a part of me that would love to get this plugin in a state where it could get certified by the OpenID Connect standards group. That might be wishful thinking.
A new search has turned up https://packagist.org/packages/facile-it/php-openid-client as what seems to be an even more complete library that is relatively well maintained. My main concern with https://packagist.org/packages/jumbojett/openid-connect-php is that it is essentially all a single Class and there appears to be some missing functionality that might limit how far the plugin can expand with implementing the OpenID Connect features.
So, documenting here another possible candidate for a library that seems to be well maintained. https://packagist.org/packages/oidc/core
I am noting that there are a number of other Composer packages that also utilize the https://packagist.org/packages/jumbojett/openid-connect-php package so that still may ultimately be the package to choose.