
Multiple OAuth2 methods

Open mikemarlett opened this issue 11 months ago • 1 comments

I love the ability to add multiple CAS authentication points, but I've just been handed a multi-university project where I have to authenticate users from perhaps a dozen or more public and private universities, and they simply don't all have CAS. Is there a way to create multiple OAuth2 authentications the same way you handle multiple CAS authentications?

mikemarlett avatar Mar 27 '25 12:03 mikemarlett

This sounds like a good idea. We had planned on refactoring all external services into a single array to allow defining multiple copies, but ended up giving up on that route due to too much effort with the way the current wp_options are structured (and complexity due to supporting multisite installs).

So in the end we just updated CAS config to support multiple servers. I think that commit should be a good starting point for applying this same feature to OAuth2: https://github.com/uhm-coe/authorizer/commit/bbd3cf6bdb79805882f9089a0bd680da341a4492

We're unlikely to get to this in the next few months, so if you're willing to try a pull request it would be much appreciated. Thanks!

figureone avatar Mar 27 '25 20:03 figureone

Feature added here: https://github.com/uhm-coe/authorizer/commit/f8155808e57679ecccd60d63785fe78111f99da5

This will be included in the next release, thanks for the suggestion and patience!

FYI, the only issue we ran into while building this is that Microsoft Azure can only be added as the first OAuth2 server, since they don't allow querystring params in the Redirect URI when configuring your application in portal.azure.com (we use the id query param to indicate which server definition should be used). This is the error message in the Azure Portal if you try to add the specific Authorizer WordPress redirect URL with querystring params: Image

figureone avatar Nov 18 '25 01:11 figureone
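When a provider rejects query strings in the registered redirect URI, one well-known alternative is to register a single fixed redirect URI and carry the server selection in a signed OAuth2 `state` value. The sketch below is an added example, not Authorizer's code (the plugin uses the `id` query param as described above); the callback URL, signing key, server table and function names are all constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample configuration; none of these values come from the plugin.
REDIRECT_URI = "https://wp.example.edu/oauth2/callback"  # registered once, no query string
SIGNING_KEY = secrets.token_bytes(32)                    # per-site secret (assumption)
SERVERS = {
    1: {"authorize": "https://idp-a.example/authorize", "client_id": "client-a"},
    2: {"authorize": "https://idp-b.example/authorize", "client_id": "client-b"},
}

def _sign(payload: bytes) -> bytes:
    mac = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)

def make_state(server_id: int, session_nonce: str) -> str:
    """Bind the server index and the browser session's nonce into a signed state value."""
    payload = base64.urlsafe_b64encode(
        json.dumps({"sid": server_id, "n": session_nonce}).encode())
    return payload.decode() + "." + _sign(payload).decode()

def read_state(state: str, session_nonce: str) -> int:
    """Return the server index; raise ValueError if state is forged or from another session."""
    payload, _, sig = state.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(payload.encode())):
        raise ValueError("bad state signature")
    data = json.loads(base64.urlsafe_b64decode(payload))
    same_session = hmac.compare_digest(data["n"].encode(), session_nonce.encode())
    if not same_session or data["sid"] not in SERVERS:
        raise ValueError("state does not belong to this session")
    return data["sid"]

def authorize_url(server_id: int, session_nonce: str) -> str:
    """Build the authorization request; redirect_uri is identical for every server."""
    server = SERVERS[server_id]
    query = urlencode({
        "response_type": "code",
        "client_id": server["client_id"],
        "redirect_uri": REDIRECT_URI,
        "state": make_state(server_id, session_nonce),
    })
    return server["authorize"] + "?" + query

def server_for_callback(callback_url: str, session_nonce: str) -> dict:
    """Pick the server definition from the verified state, not from the callback URL itself."""
    params = parse_qs(urlsplit(callback_url).query)
    return SERVERS[read_state(params["state"][0], session_nonce)]
```

Because the nonce is tied to the browser session and the server index is covered by the HMAC, the same `state` value serves as CSRF protection and prevents a response from one provider being processed with another provider's definition.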

This automatically updated this morning and seems to have broken the single CAS login that was set up. It now redirects a bunch of times and then eventually logs the person out. I checked with the keepers of the CAS here and there have been no recent changes. (This login failure was reported to me by one of my admins and not because I checked.) The behavior seems to be the same as this open bug report: https://github.com/uhm-coe/authorizer/issues/134

The site in question is also allowing Google logins but not WordPress logins.

Azure was configured on this particular site, but we weren't using it and instead were using CAS. Turning on Azure creates a similar authentication problem and doesn't solve the CAS issue.

I spot checked our 20-some other WordPress sites using Authorizer and Azure, and they were all behaving normally.

This is the only one I have that uses the Google login — but it was using a Google login plugin that wasn't Authorizer (a legacy plugin situation), but I disabled that and used only Authorizer. That didn't change anything.

This site also uses LoginPress (Free) (https://loginpress.pro/). Disabling it didn't change anything.

So currently the site is only successfully authenticating with Google logins.


Mike Marlett, Director of Media WSU Media Resources Center @.***

mikemarlett avatar Nov 18 '25 16:11 mikemarlett

So we haven't released a plugin update yet, could there be another variable? If your CAS logins are stuck in a loop, there should be messages in the web server logs indicating the reason: https://github.com/uhm-coe/authorizer/blob/master/src/authorizer/class-authentication.php#L994-L995

figureone avatar Nov 18 '25 17:11 figureone

Aloha, version 3.12.0 has been released with this feature. Please let us know if you run into any issues!

figureone avatar Nov 19 '25 00:11 figureone