Hi, I have trouble saving parameters. For one server / service the endpoints are saved OK, but for another service, the required endpoint parameter values are swiped away and I get this in the debug log:
[01-Apr-2022 11:32:50 UTC] PHP Notice: Undefined index: mo_oauth_body in /var/www/vhosts/adalmina.net/httpdocs/wp-content/plugins/miniorange-openid-connect-client/mo_openidconnect_settings.php on line 459
It is difficult to test the connection when I can’t save the parameters.

wp-content/plugins/miniorange-login-openid/miniorange_openid_sso_settings.php:926
```php
$size = (!empty($args['width']) ? 'width="' . $args['width'] . '" ' : 'width="50"');
if ($user_picture !== false AND strlen(trim($user_picture)) > 0) { //Avatar found?
    return '<img alt="' . $user_meta_name . '" src="' . $user_picture . '" class="avatar apsl-avatar-social-login avatar-' . $size . ' photo" height="' . $size . '" width="' . $size . '" />';
}
```
Results in
```html
<img alt="<user_id>>"
src="<linkedin_url>"
class="avatar apsl-avatar-social-login avatar-width=" 60px"
photo" height="width="60px" " width="width="60px" " /></a>
```
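An added example, not the plugin's code: the malformed markup above comes from reusing a pre-built `width="..."` string as an attribute value, so one fix is to reduce the size to an integer once and escape every value that reaches the tag. `build_avatar_img()` and `attr()` are hypothetical helpers, and the 512-pixel upper bound and the http(s)-only check are assumptions; inside WordPress, `esc_attr()` and `esc_url()` would take the place of `htmlspecialchars()`.

```php
<?php
// Added example, not the plugin's code. Helper names are hypothetical.

/** Escape a value for use inside a double-quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build the avatar <img> tag. The size is kept as an integer and reused,
 * instead of reusing a whole 'width="..."' string as an attribute value.
 */
function build_avatar_img(array $args, string $name, $picture): string
{
    // Accept 60, "60" or "60px"; fall back to 50, the default in the original line.
    $size = isset($args['width']) ? (int) $args['width'] : 0;
    if ($size <= 0 || $size > 512) { // upper bound is an assumption
        $size = 50;
    }

    // No usable picture: return nothing (assumption; the caller decides the fallback).
    if (!is_string($picture) || !preg_match('#^https?://#i', trim($picture))) {
        return '';
    }

    return sprintf(
        '<img alt="%s" src="%s" class="avatar apsl-avatar-social-login avatar-%d photo" height="%d" width="%d" />',
        attr($name),
        attr(trim($picture)),
        $size,
        $size,
        $size
    );
}

// Constructed sample input: a width with a unit and a display name containing markup.
echo build_avatar_img(
    ['width' => '60px'],
    'Jane "JD" <Doe>',
    'https://media.example.com/avatar.png?id=1&s=60'
), PHP_EOL;
```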
Hi,
I’m using authorization code grant type and I don’t think your OIDC client is sending the code to our IDS4. It should be like this :-
POST /connect/token
client_id=client1&client_secret=secret&grant_type=authorization_code&code=hdh922
Our IDS4 server responds with :-
"GrantType": "authorization_code",
"Error": "invalid_request",
"ErrorDescription": "code challenge required",
"Category": "Token",
"Name": "Token Issued Failure"
In IDS4 Client config I have:-
AllowedGrantTypes = GrantTypes.Code;
AllowedScopes = new List<string>() {"OpenId", "Profile" }
Plus all the clientid, secret, urls etc set up correctly (we use IDS4 & OIDC for our WebClients)
Can you help please?
Thanks in advance
Nigel
How to debug the plugin to enable the logs? How to capture the error logs? The plugin is working for few users and not for others. Not sure what are the differences and how to debug? Any restrictions regarding the number of characters on the username/display name?

I have successfully configured the login page to “Login with <Nextcloud>”, and I can grant access, but when it redirects back to my WordPress I get the error:
cURL error 6: Could not resolve host: <my.nextcloud.url>
How can I overcome this error?

Hi,
Is it possible to log in and register with FranceConnect?
Thanks

I’m currently evaluating different (social) login solutions for my new project, and I haven’t found a solution including Apple.
As Sign In with Apple supports OpenID Connect, I would like to know if it is supported by this plugin, as it isn’t mentioned anywhere.

Does your platform support the open source Gluu Server? It’s a certified OpenID Provider.

Hi, we’re testing your plugin to use it in a new NuxtJS application where we want our users to be authenticated with our current WordPress portal. We’ve configured our Nuxt app with the OAuth2 client credentials and URLs defined in our local MiniOrange OAuth server configuration, but we are receiving this error:
{"error":"redirect_uri_mismatch","error_description":"The redirect URI provided is missing or does not match","error_uri":"http:\/\/tools.ietf.org\/html\/rfc6749#section-3.1.2"}
The Redirect URI is a premium feature; how can we test during development to confirm that it is not a config error in our NuxtJS app?
Thanks,

Hello,
On the configuration of a new service we have the following error when testing the connection:
{"status":"fail","message":"The following fields are missing or empty : nonce"}
How can we implement a “nonce” parameter with a random number value on the HTTP request to make the third-party login work?
Thank you for your support,
Have a good day,
Amir
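An added example, not the plugin's code, covering both the "code challenge required" response quoted in the IdentityServer4 post and the missing `nonce` field reported here: an authorization request that carries `state`, `nonce` and a PKCE `code_challenge` (RFC 7636, S256), plus the matching callback check. It assumes the third-party service expects the standard OpenID Connect `nonce`; the endpoint, client ID, redirect URI and function names are constructed.

```php
<?php
// Added example, not the plugin's code. Endpoint, client ID and redirect URI are constructed.

/** URL-safe base64 without padding, as PKCE requires. */
function b64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/** Build the authorization URL and the values to keep in the user's session. */
function build_auth_request(string $authorizeUrl, string $clientId, string $redirectUri): array
{
    $pending = [
        'state'         => b64url(random_bytes(16)), // ties the callback to this browser session
        'nonce'         => b64url(random_bytes(16)), // must come back inside the ID token
        'code_verifier' => b64url(random_bytes(32)), // 43 characters, sent later with the code
    ];
    $query = http_build_query([
        'response_type'         => 'code',
        'client_id'             => $clientId,
        'redirect_uri'          => $redirectUri,
        'scope'                 => 'openid profile',
        'state'                 => $pending['state'],
        'nonce'                 => $pending['nonce'],
        'code_challenge'        => b64url(hash('sha256', $pending['code_verifier'], true)),
        'code_challenge_method' => 'S256',
    ], '', '&', PHP_QUERY_RFC3986);

    return ['url' => $authorizeUrl . '?' . $query, 'pending' => $pending];
}

/** Callback check: state from the query string, nonce from the validated ID token claims. */
function callback_matches(array $pending, string $state, array $idTokenClaims): bool
{
    return hash_equals($pending['state'], $state)
        && isset($idTokenClaims['nonce'])
        && is_string($idTokenClaims['nonce'])
        && hash_equals($pending['nonce'], $idTokenClaims['nonce']);
}

$req = build_auth_request('https://idp.example.com/connect/authorize', 'client1', 'https://wp.example.com/callback');
echo $req['url'], PHP_EOL;
// The later token request adds code_verifier=$req['pending']['code_verifier'] to its body.
```

The `pending` values belong in server-side session storage until the callback arrives, and are discarded after one use.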

The plugin is not compatible with WSO2 IS (version 5.8.0) due to sending authorization credentials (client ID and client secret) both in the request body and authorization header. WSO2 IS requires credentials to be sent only using one of the methods.
Log from WSO2:
[2019-08-27 10:42:37,523] DEBUG {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService} - Evaluating canAuthenticate of authenticator : BasicOAuthClientCredAuthenticator
[2019-08-27 10:42:37,523] DEBUG {org.wso2.carbon.identity.oauth2.client.authentication.BasicAuthClientAuthenticator} - Basic auth credentials exists as Authorization header. Hence returning true.
[2019-08-27 10:42:37,523] DEBUG {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService} - BasicOAuthClientCredAuthenticator authenticator can handle incoming request.
[2019-08-27 10:42:37,523] DEBUG {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService} - Authenticator BasicOAuthClientCredAuthenticator can authenticate the client request. Hence trying to evaluate authentication
[2019-08-27 10:42:37,523] DEBUG {org.wso2.carbon.identity.oauth2.client.authentication.BasicAuthClientAuthenticator} - Client Id and Client Secret found in request body and Authorization header. Credentials should be sent in either request body or Authorization header, not both
[2019-08-27 10:42:37,523] DEBUG {org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnService} - Error while evaluating client authenticator : BasicOAuthClientCredAuthenticator
org.wso2.carbon.identity.oauth2.client.authentication.OAuthClientAuthnException: Request body and headers contain authorization information
at org.wso2.carbon.identity.oauth2.client.authentication.BasicAuthClientAuthenticator.validateDuplicatedBasicAuthInfo(BasicAuthClientAuthenticator.java:191)
at org.wso2.carbon.identity.oauth2.client.authentication.BasicAuthClientAuthenticator.getClientId(BasicAuthClientAuthenticator.java:163)
...
In order to be compatible with WSO2 IS, the plugin code should be changed. Either send credentials only in the header or in request body. Or maybe there could be a configuration option for this.
We have fixed it temporarily by making changes in an OpenID connect handler file (wp-content/plugins/miniorange-openid-connect-client/handler/openidconnect_handler.php):
...
```php
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Authorization: Basic ' . base64_encode($clientid . ":" . $clientsecret),
    'Accept: application/json'
));
# here client_id and client_secret fields were removed from the request body
# curl_setopt( $ch, CURLOPT_POSTFIELDS, 'redirect_uri='.urlencode($redirect_url).'&grant_type='.$grant_type.'&client_id='.$clientid.'&client_secret='.$clientsecret.'&code='.$code);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'redirect_uri=' . urlencode($redirect_url) . '&grant_type=' . $grant_type . '&code=' . urlencode($code));
$response = curl_exec($ch);
```
...
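An added example, not the plugin's code: a token-request builder that uses exactly one client authentication method, which is the configuration option the post above asks for, with a check that reports where credentials end up. Function names and sample values are constructed; the returned headers and body are what would be passed to `CURLOPT_HTTPHEADER` and `CURLOPT_POSTFIELDS`.

```php
<?php
// Added example, not the plugin's code. Function names and sample values are constructed.

/**
 * Build token-request headers and body using exactly one client
 * authentication method: 'client_secret_basic' or 'client_secret_post'.
 */
function build_token_request(string $method, string $clientId, string $clientSecret,
                             string $code, string $redirectUri): array
{
    $headers = ['Accept: application/json', 'Content-Type: application/x-www-form-urlencoded'];
    $body = ['grant_type' => 'authorization_code', 'code' => $code, 'redirect_uri' => $redirectUri];

    if ($method === 'client_secret_basic') {
        // RFC 6749 section 2.3.1: form-encode each part before base64.
        $headers[] = 'Authorization: Basic '
            . base64_encode(urlencode($clientId) . ':' . urlencode($clientSecret));
    } elseif ($method === 'client_secret_post') {
        $body['client_id'] = $clientId;
        $body['client_secret'] = $clientSecret;
    } else {
        throw new InvalidArgumentException("Unsupported client authentication method: $method");
    }

    return ['headers' => $headers, 'body' => http_build_query($body, '', '&')];
}

/** List every place the request carries credentials; two entries is what WSO2 IS rejects. */
function credential_locations(array $request): array
{
    parse_str($request['body'], $fields);
    $found = [];
    foreach ($request['headers'] as $header) {
        if (stripos($header, 'Authorization: Basic ') === 0) {
            $found[] = 'header';
        }
    }
    if (isset($fields['client_secret'])) {
        $found[] = 'body';
    }
    return $found;
}

foreach (['client_secret_basic', 'client_secret_post'] as $method) {
    $req = build_token_request($method, 'client1', 's3cr3t/+=', 'hdh922', 'https://wp.example.com/callback');
    printf("%s -> credentials in: %s\n", $method, implode(', ', credential_locations($req)));
}
```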
Hello,
Does it rely on the license checking to your server end please?
Thanks