FusionAuth is a first-class, production-ready identity provider that supports OAuth2, OpenID and SAMLv2, and can be used as an SSO provider for your apps.
WordPress is the world's most used blogging platform, with a crowded plugin ecosystem. Finding the right plugin can be a tedious task. In this example we're using the openid-connect-generic plugin from daggerhart.
PRO: The openid-connect-generic plugin from daggerhart requires NO code-writing; everything is adjustable via the admin pages. It allows logging out on the IdP server. It is free and very simple to use.
CON: The plugin is outdated and has a logout quirk which needs a lot of redirect URLs registered. Despite that, it works with the latest version of WP. The plugin lacks functionality that maps roles to a user, and there is no option to disable the basic login on the login screen.
If you own several blogs, you would want to use single sign-on between each web application. The primary goal of OAuth is to allow users to interact with (WordPress) sites without requiring them to store sensitive credentials.
– A FusionAuth instance.
– A configured WordPress blog
Create an application within FusionAuth. Enable the Authorization Code and Refresh Token grants. All values can be found in the application administration of your FusionAuth server.
Fill in the redirect and logout URLs, as shown below:
Authorized redirect URLs
Due to the way this plugin logs out, we need to add extra redirect URLs with a language identifier.
https://YOURWORDPRESS/wp-login.php
WordPress Plugin installation
In order to get the openid-connect functionality, we will be using the openid-connect-generic plugin from daggerhart this time.
Install the plugin via the WordPress administration pages.
Openid-connect-generic WordPress plugin: https://wordpress.org/plugins/daggerhart-openid-connect-generic/
WordPress Plugin configuration
Navigate to the admin pages, and select the ‘Settings->OpenID Connect Client’ page where you have to enter your identity provider settings.
Based on the domain-name of your FusionAuth instance, fill in the configuration values.
Identity Key and Nickname Key
Most of the fields are self-explanatory. The Identity Key and Nickname Key fields need some special attention. These fields map the primary key or unique identifier from the OAuth user claim.
I recommend setting sub for the Identity Key and preferred_username for the Nickname Key.
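The sketch below is an added example, not part of the original post or the plugin: it derives the plugin's endpoint fields from a FusionAuth base URL and checks a userinfo response against the Identity Key and Nickname Key mapping. The host auth.example.com, the field labels, the /oauth2/* paths (FusionAuth's standard endpoints, to be confirmed against your instance's /.well-known/openid-configuration document) and the sample claims are assumptions.

```python
from urllib.parse import urlsplit

# Assumed FusionAuth OAuth2/OIDC endpoint paths, keyed by the plugin field
# they belong in. Verify them against /.well-known/openid-configuration.
ENDPOINT_PATHS = {
    "Login Endpoint URL": "/oauth2/authorize",
    "Userinfo Endpoint URL": "/oauth2/userinfo",
    "Token Validation Endpoint URL": "/oauth2/token",
    "End Session Endpoint URL": "/oauth2/logout",
}

def plugin_settings(fusionauth_url, identity_key="sub",
                    nickname_key="preferred_username"):
    """Derive the plugin's endpoint fields from the FusionAuth base URL."""
    parts = urlsplit(fusionauth_url.strip())
    # Tokens and the client secret travel over these URLs, so refuse plain http.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("FusionAuth base URL must be an absolute https:// URL")
    base = f"https://{parts.netloc}"
    settings = {field: base + path for field, path in ENDPOINT_PATHS.items()}
    settings["Identity Key"] = identity_key
    settings["Nickname Key"] = nickname_key
    return settings

def check_claim_mapping(claims, settings):
    """Return the problems found when mapping one userinfo response."""
    problems = []
    ident = claims.get(settings["Identity Key"])
    if not isinstance(ident, str) or not ident:
        problems.append("identity claim missing or empty")
    # 'sub' is the only claim OIDC defines as stable and unique per issuer.
    if settings["Identity Key"] != "sub":
        problems.append("identity key is not 'sub'; other claims can change or collide")
    if not claims.get(settings["Nickname Key"]):
        problems.append("nickname claim missing")
    return problems

# Constructed sample userinfo responses (not captured from a real server).
SAMPLE_OK = {"sub": "00000000-0000-0000-0000-000000000001",
             "preferred_username": "alice", "email": "alice@example.com"}
SAMPLE_NO_USERNAME = {"sub": "00000000-0000-0000-0000-000000000002",
                      "email": "bob@example.com"}

if __name__ == "__main__":
    cfg = plugin_settings("https://auth.example.com/")
    for field, value in cfg.items():
        print(f"{field}: {value}")
    print(check_claim_mapping(SAMPLE_OK, cfg))
    print(check_claim_mapping(SAMPLE_NO_USERNAME, cfg))
```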
That's it! You can now use your FusionAuth instance to log in to WordPress!