Tim Nolte
I need to double check the logging settings as it's possible that: 1. The logging is intentionally removing the `code` value. (Which I should really just obfuscate it.) I just...
This plugin doesn't log out for the IDP, it only logs out the current client. Site A and Site B have their own sessions. This would be the same thing if...
Also, a word of note is that WordPress maintains its own login. This plugin doesn't currently provide either Back-Channel or Front-Channel logout with the IDP, with the exception of when...
After further testing this appears to be an issue when using a Composer-based WordPress installation, like Roots Bedrock, most likely due to the autoloader that is used by the site....
@gmazzap FYI, our agency ended up pushing through and rolling out the most recent beta release to all of our WordPress sites to support PHP 8.1. Unless there are any...
@khelil hmm, I'll have to do some digging into this. I have not found an IDP at this point that has required that.
@khelil hmm, I'm curious what you all had to change as the plugin should work for any OpenID Connect compliant IDP. Was there more than just the nonce?
@khelil hmm, that last point of having to change to a `GET` call seems wrong. 🤔
@khelil the OpenID Connect specs clearly state that token requests must be sent via `POST`. https://openid.net/specs/openid-connect-core-1_0.html#TokenRequest
To a degree I believe that the `nonce` support should be added in the same way that `acr` support was added. The exception being that this should be a boolean...