Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
    Thread Starter ccsmithwp

    (@ccsmithwp)

    Yes, I am, indeed, using a classic theme.

    I look forward to the fix; in the meantime, I’m getting by just fine with 17.1.4.

    I’m also looking into a possible theme change.

    Thanks for the reply!

    Thread Starter ccsmithwp

    (@ccsmithwp)

    Justin,

    I’ve been working away at this for the past couple of weeks with limited success. At this point, unless you have some brilliant insight based on the information below, I’ve decided to abandon the project and take a whole different path.

    In addition to your plugin, I have also tried the “miniOrange OAuth / OpenID Connect Server”, which is also a WordPress plugin. Results were similar (although not identical).

    I also installed Keycloak, a standalone OpenID Connect and SAML identity provider. With Keycloak, I was able to log in to my Nextcloud server. This tells me that the Nextcloud OpenID Connect client (which is a Nextcloud extension/plugin/app) is operating “properly”.

    I have tried many different settings in your plugin, in the miniOrange plugin, and in the connect client in Nextcloud. Results are the same in all cases.

    As for the error that occurs when I use your plugin, it happens after I submit the WordPress login form which redirects to the Nextcloud client (step 7, below). I have included the step-by-step data flow below (which, again, is probably much more than you need, or may not be at all what you were asking for…).

    As I said above, I’m ready to move on to other projects, but if you can come up with other tests that you think I should attempt, I’m quite willing to do that.

    LOGIN ATTEMPT from Nextcloud (service provider) to WP OAuth Server (IdP):
    (apologies if the spacing gets botched…)

    1. CLIENT (Nextcloud) LOGIN HTML
    
        Login with mywordpress
    
    
    -----
    
    2. REQUEST
    GET https://mycloud.example.ca/index.php/apps/user_oidc/login/7
    
    RESPONSE
    Status: 303 See Other
    Location: https://mywordpress.example.com/wptest/oauth/authorize/?
                client_id=L3aWkauc1hQrjsg42RoDFd35Q1hX9hgM2dhyCsSJ&
                response_type=code&
                scope=openid+basic&
                redirect_uri=https://mycloud.example.ca/index.php/apps/user_oidc/code&
                claims={"id_token":{"email":null,"name":null,"quota":null},
                        "userinfo":{"email":null,"name":null,"quota":null}}&
                state=FQFCA9XW9G4IBEAMQCWORPM8MNXNR5H8&
                nonce=0GVYVPX3NMZ0RZRGLGUKGJ5AEYQYPJZ7
    
    -----
    
    3. REQUEST
    GET https://mywordpress.example.com/wptest/oauth/authorize/?...
    
    RESPONSE
    Status: 302 Found
    Location: https://mywordpress.example.com/wptest/wp-login.php?
                redirect_to=https://mywordpress.example.com/wptest/oauth/authorize?client_id=L3aWkauc1hQrjsg42RoDFd35Q1hX9hgM2dhyCsSJ&
                response_type=code&
                scope=openid+basic&
                redirect_uri=https://mycloud.example.ca/index.php/apps/user_oidc/code&
                claims={\"id_token\":{\"email\":null,\"name\":null,\"quota\":null},
                        \"userinfo\":{\"email\":null,\"name\":null,\"quota\":null}}&
                state=FQFCA9XW9G4IBEAMQCWORPM8MNXNR5H8&
                nonce=0GVYVPX3NMZ0RZRGLGUKGJ5AEYQYPJZ7
    
    -----
    
    4. REQUEST
    GET https://mywordpress.example.com/wptest/wp-login.php?...
    
    RESPONSE
    Status: 200 OK
    
    -----
    
    5. SERVER (WordPress - WP OAuth Server) LOGIN HTML
    <form name="loginform" id="loginform" action="https://mywordpress.example.com/wptest/wp-login.php" method="post">
                    <input  type="text" name="log" id="user_login" >
                    <input  type="password" name="pwd" id="user_pass">
                    <input  type="submit" value="Log In">
                    <input  type="hidden" name="redirect_to" value=(as shown in step 3)>
    </form>
    
    -----
    
    6. REQUEST
    POST https://mywordpress.example.com/wptest/wp-login.php
    
    RESPONSE
    Status: 302 Found
    Location: https://mywordpress.example.com/wptest/oauth/authorize/?
                client_id=L3aWkauc1hQrjsg42RoDFd35Q1hX9hgM2dhyCsSJ&
                response_type=code&
                scope=openid basic&
                redirect_uri=https://mycloud.example.ca/index.php/apps/user_oidc/code&
                claims=id_token:email:null,name:null,quota:null,userinfo:email:null,name:null,quota:null&
                state=FQFCA9XW9G4IBEAMQCWORPM8MNXNR5H8&
                nonce=0GVYVPX3NMZ0RZRGLGUKGJ5AEYQYPJZ7
    
    -----
    
    7. REQUEST
    GET https://mywordpress.example.com/wptest/oauth/authorize/?...
    
    RESPONSE
    Status: 302 Found
    Location: https://mycloud.example.ca/index.php/apps/user_oidc/code?
                code=904dan41tfumw3kso1lq9gniwqyehpwchim5xdgw&
                state=FQFCA9XW9G4IBEAMQCWORPM8MNXNR5H8&
                iframe=break
    
    -----
    
    9. REQUEST
    GET https://mycloud.example.ca/index.php/apps/user_oidc/code?
            code=904dan41tfumw3kso1lq9gniwqyehpwchim5xdgw&
            state=FQFCA9XW9G4IBEAMQCWORPM8MNXNR5H8&
            iframe=break
    
    RESPONSE
    Status: 500 Internal Server Error
    
    -----
    
    10. CLIENT (Nextcloud) LOG FILE
    [PHP] Error: Error: Undefined array key "id_token" at /path/to/nextcloud/apps/user_oidc/lib/Controller/LoginController.php#373 at <<closure>>
    GET /index.php/apps/user_oidc/code?code=g5s7on38xlbszgq7i144njkkpw90gogtuen293wj&state=AFGHIPAKG7WHETWX0368BFS1BWMPMSFL&iframe=break
    from 123.45.67.89 at 2022-12-06T20:05:06+00:00

    Thread Starter ccsmithwp

    (@ccsmithwp)

    Hi Justin,

    This is a lot more information than you asked for, but you can just ignore what you don’t need:

    I’m running WP OAuth Server – CE (4.2.3), with WordPress 6.1.1 and PHP Version 8.0.22 on Ubuntu 20.04.4. OAuth Server is the only active plugin.

    I am attempting to connect to the OAuth Server using OpenID Connect, an add-on app for Nextcloud 24.0.7.

    -----

    On the OAuth Server side, I have created a client. On the Create/Edit Client screen, there are four checkboxes on the left side. Only the top checkbox, “Authorization Code” is enabled; the others are unchecked and disabled.

    The client has an ID and Secret, and the Redirect URI is set to “https://mycloud.example.ca/index.php/apps/user_oidc/code”.

    Still on the OAuth Server side, on the General Settings screen, the OAuth Server has been enabled and the other checkboxes are unchecked. On the Advanced Configuration screen, “Use JSON Web Tokens (JWT)” can be on or off with no difference.

    But under “OpenID Connect 1.0a (Global)”, I cannot enable “Allow OpenID Connect” nor can I change the “ID Token Lifetime”.

    -----

    On the Nextcloud (client) side, I have created a “Registered Provider” and added the Client ID and Client Secret from the OAuth Server. For the “Discovery endpoint”, I used “https://mywordpress.example.com/wptest/.well-known/openid-configuration/”. There are a few other configurable settings, but none really pertain to this discussion.

    When I attempt to log in to mycloud.example.ca, I do get the option to login using mywordpress.example.com and it takes me to a new WordPress login screen. I enter my credentials, click “Log in” and am shown a Nextcloud “Internal Server Error” screen.

    Checking the Nextcloud error log, I see:

    Error: Undefined array key “id_token” at /usr/local/www/nextcloud-20.0.4/apps/user_oidc/lib/Controller/LoginController.php#373

    -----

    Note that .well-known/openid-configuration/ does include the line

    jwks_uri “https://mywordpress.example.com/wptest/.well-known/keys/”

    and .well-known/keys/ does include the following line:

    kid “1669071542”

    -----

    So, would being able to enable “Allow OpenID Connect” on the OAuth Server’s Advanced Configuration screen make any difference, or is there something else going on?
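
Both the step-by-step trace in the earlier reply and the "Undefined array key 'id_token'" error in this one come down to what the relying party does with the token-endpoint response after the callback: a PHP "Undefined array key" means the response that came back simply had no `id_token` member. The following Python is an added example, not code from this thread, from the Nextcloud user_oidc app or from WP OAuth Server. It shows the checks a confidential OpenID Connect client should make on the callback (state) and on the token response (presence of id_token, then signature, iss, aud, exp and nonce) so that a provider answering as a plain OAuth 2.0 server is reported as a misconfiguration rather than crashing the login. The `state` and `nonce` values are the ones from the trace; the issuer string, client secret, subject, timestamp and the HS256-signed sample tokens are assumed or constructed.

```python
"""Client-side checks for an OpenID Connect authorization-code login.

Added example; not from the forum thread or the user_oidc / WP OAuth Server projects.
All inputs are constructed: state and nonce are the values seen in the trace, the client
secret, subject and clock are made up, and sample ID tokens are HS256-signed with the
client secret (OIDC Core 10.1 permits this for confidential clients; a real provider
would normally use RS256 keys published at jwks_uri).
"""
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlsplit

ISSUER = "https://mywordpress.example.com/wptest"        # assumed iss value
CLIENT_ID = "L3aWkauc1hQrjsg42RoDFd35Q1hX9hgM2dhyCsSJ"   # client_id from the trace
CLIENT_SECRET = "constructed-client-secret"               # made up
NOW = 1670356000                                          # made-up clock, 2022-12-06
SESSION = {  # what the client stored before redirecting the browser to /oauth/authorize
    "state": "FQFCA9XW9G4IBEAMQCWORPM8MNXNR5H8",
    "nonce": "0GVYVPX3NMZ0RZRGLGUKGJ5AEYQYPJZ7",
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_callback(location: str, expected_state: str) -> str:
    """Parse the redirect back to redirect_uri; return the code only if state matches."""
    query = parse_qs(urlsplit(location).query)
    if "error" in query:
        raise ValueError(f"provider returned error={query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale session")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code

def make_id_token(claims: dict, secret: str) -> str:
    """HS256-sign a claims set (used only to build the constructed samples below)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(mac)}"

def verify_id_token(token: str, secret: str, issuer: str, client_id: str,
                    nonce: str, now: int) -> dict:
    """Check signature, iss, aud, exp and nonce (OIDC Core 3.1.3.7); return the claims."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64url(header_b64))
        claims = json.loads(_unb64url(body_b64))
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise ValueError(f"malformed id_token: {exc}") from None
    if header.get("alg") != "HS256":  # never accept 'none' or an alg you did not expect
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret.encode(), f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        raise ValueError("id_token signature invalid")
    if claims.get("iss") != issuer:
        raise ValueError(f"iss {claims.get('iss')!r} is not {issuer!r}")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("client_id not in aud")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("id_token expired or missing exp")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch: token not bound to this login attempt")
    return claims

def check_token_response(resp: dict, session: dict, now: int = NOW) -> list:
    """List the problems with a token-endpoint response; an empty list means log the user in."""
    problems = []
    if resp.get("token_type", "").lower() != "bearer":
        problems.append("token_type is not Bearer")
    if "access_token" not in resp:
        problems.append("no access_token")
    if "id_token" not in resp:
        # The situation in the trace: scope=openid was requested but the server answered like
        # a plain OAuth 2.0 server, so a client that indexes resp["id_token"] blindly crashes
        # (PHP "Undefined array key") instead of reporting a misconfiguration.
        problems.append("no id_token: provider is not acting as an OpenID Connect provider")
        return problems
    try:
        verify_id_token(resp["id_token"], CLIENT_SECRET, ISSUER, CLIENT_ID, session["nonce"], now)
    except ValueError as exc:
        problems.append(f"id_token rejected: {exc}")
    return problems

# Constructed sample responses: OAuth-2.0-only, proper OIDC, and an ID token whose nonce is stale.
OAUTH_ONLY_RESPONSE = {"access_token": "constructed-access-token", "token_type": "Bearer", "expires_in": 3600}
GOOD_CLAIMS = {"iss": ISSUER, "sub": "user-42", "aud": CLIENT_ID, "iat": NOW,
               "exp": NOW + 300, "nonce": SESSION["nonce"], "email": "user@example.com"}
OIDC_RESPONSE = dict(OAUTH_ONLY_RESPONSE, id_token=make_id_token(GOOD_CLAIMS, CLIENT_SECRET))
REPLAYED_RESPONSE = dict(OAUTH_ONLY_RESPONSE,
                         id_token=make_id_token(dict(GOOD_CLAIMS, nonce="STALE-NONCE"), CLIENT_SECRET))
```

`check_token_response(OAUTH_ONLY_RESPONSE, SESSION)` reports the missing `id_token` as a single, readable problem, which is the condition behind the 500 in the trace; `OIDC_RESPONSE` passes, and `REPLAYED_RESPONSE` is rejected on the nonce. For a provider that signs with RS256, replace the HMAC comparison in `verify_id_token` with a signature check against the key whose `kid` matches the one published at `jwks_uri` (the post's discovery document shows `kid "1669071542"` there); the remaining claim checks stay the same. The `alg` check is deliberate: accepting whatever the header says, including `none`, turns the signature check into a no-op.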

    Thread Starter ccsmithwp

    (@ccsmithwp)

    Yes! Brilliant!

    Thank you.

    (Wow! for the response time…)
