sitmpcz/wp-oidc
===============

WordPress OIDC plugin for Keycloak authentication

v1.0.2 (1mo ago) · PHP >=8.0 · Since Mar 18 · Pushed 1mo ago

[Source](https://github.com/sitmpcz/wp-oidc) · [Packagist](https://packagist.org/packages/sitmpcz/wp-oidc)

WordPress OIDC Login Plugin
===========================

A lightweight WordPress plugin that replaces the standard login form with OpenID Connect (OIDC) authentication via Keycloak.

Features
--------

- 🔐 **OIDC Authentication** - Single Sign-On via Keycloak
- 👤 **Email-based User Matching** - Pairs users by email address
- 🚀 **Lightweight** - Minimal code, single responsibility (authentication only)
- ⚙️ **Environment Variables** - Secure configuration via env variables
- 🔄 **Logout Integration** - Automatic logout redirect to Keycloak
- 📡 **Backchannel Logout** - Support for OIDC RP-Initiated Logout
- 🛡️ **CSRF Protection** - State parameter validation
- 💾 **WordPress Native** - Uses standard WordPress authentication

Quick Start
-----------

### 1. Install Dependencies

```
composer install
```

### 2. Install Plugin

```
# Development (symlink)
ln -s $(pwd) /path/to/wordpress/wp-content/plugins/wp-oidc

# Production (copy)
cp -r . /path/to/wordpress/wp-content/plugins/wp-oidc
```

### 3. Configure

**Option A: Environment Variables (Recommended)**

```
cp .env.example .env
# Edit .env with your Keycloak credentials
```

**Option B: WordPress Admin**

- Go to Settings → OIDC Login
- Enter Keycloak configuration

### 4. Setup Keycloak Client

In the Keycloak admin console:

1. Create an OAuth 2.0 confidential client
2. Set Valid Redirect URIs: `https://example.com/wp-login.php?oidc_callback=1`
3. Copy the Client ID and Client Secret

Configuration
-------------

### Environment Variables (Recommended for Production)

```
WP_OIDC_ENABLED=1
WP_OIDC_ISSUER_URL=https://keycloak.example.com/realms/my-realm
WP_OIDC_CLIENT_ID=wordpress
WP_OIDC_CLIENT_SECRET=your-client-secret
WP_OIDC_REDIRECT_URI=https://example.com/wp-login.php?oidc_callback=1
```

See [CONFIG.md](CONFIG.md) for detailed setup options:

- `.env` file (development)
- Docker/Docker Compose
- Apache/Nginx
- wp-config.php
- Systemd
- Secrets Management Systems
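
A pre-flight check for the environment variables listed above, as an added example that is not part of the plugin: the function name `wp_oidc_config_problems` and the specific checks (HTTPS on both URLs, the `oidc_callback=1` marker, the unchanged placeholder secret) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/** Returns the problems found in the WP_OIDC_* settings; empty means none. */
function wp_oidc_config_problems(array $env): array
{
    $required = ['WP_OIDC_ISSUER_URL', 'WP_OIDC_CLIENT_ID',
                 'WP_OIDC_CLIENT_SECRET', 'WP_OIDC_REDIRECT_URI'];
    $problems = [];
    foreach ($required as $key) {
        if (trim((string) ($env[$key] ?? '')) === '') {
            $problems[] = "$key is not set";
        }
    }
    if ($problems !== []) {
        return $problems; // nothing further to check until these are set
    }
    foreach (['WP_OIDC_ISSUER_URL', 'WP_OIDC_REDIRECT_URI'] as $key) {
        $parts = parse_url($env[$key]);
        $scheme = is_array($parts) ? strtolower($parts['scheme'] ?? '') : '';
        if ($scheme !== 'https' || empty($parts['host'])) {
            $problems[] = "$key must be an absolute https:// URL";
        }
    }
    // The redirect URI registered in Keycloak carries the callback marker.
    parse_str((string) parse_url($env['WP_OIDC_REDIRECT_URI'], PHP_URL_QUERY), $query);
    if (($query['oidc_callback'] ?? '') !== '1') {
        $problems[] = 'WP_OIDC_REDIRECT_URI lacks oidc_callback=1';
    }
    // The README's sample value is a placeholder, not a secret.
    if ($env['WP_OIDC_CLIENT_SECRET'] === 'your-client-secret') {
        $problems[] = 'WP_OIDC_CLIENT_SECRET still holds the placeholder value';
    }
    return $problems;
}

// Constructed sample: plain-HTTP issuer and an unchanged placeholder secret.
$sample = [
    'WP_OIDC_ISSUER_URL'    => 'http://keycloak.example.com/realms/my-realm',
    'WP_OIDC_CLIENT_ID'     => 'wordpress',
    'WP_OIDC_CLIENT_SECRET' => 'your-client-secret',
    'WP_OIDC_REDIRECT_URI'  => 'https://example.com/wp-login.php?oidc_callback=1',
];
print_r(wp_oidc_config_problems($sample));
// In a deployment, pass the real environment instead: getenv() with no
// arguments returns all variables as an array.
```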

### User Management

Users must be created **manually** in WordPress admin:

1. WordPress Admin → Users → Add New
2. Enter username and email
3. **Email must match Keycloak user email**

The plugin handles authentication only. User creation, roles, and permissions are managed separately.

Documentation
-------------

- **[QUICKSTART.md](QUICKSTART.md)** - 5-minute setup guide
- **[INSTALLATION.md](INSTALLATION.md)** - Detailed installation & troubleshooting
- **[CONFIG.md](CONFIG.md)** - Environment configuration guide
- **[ARCHITECTURE.md](ARCHITECTURE.md)** - Technical design & development

Requirements
------------

- PHP 8.0+
- WordPress 5.0+
- Keycloak server with OIDC provider
- Composer (for dependencies)

Dependencies
------------

- [facile-it/php-openid-client](https://github.com/facile-it/php-openid-client) - OIDC protocol library

How It Works
------------

```
User visits /wp-login.php
  ↓ (Redirected to Keycloak)
User authenticates with Keycloak
  ↓ (Redirected back with authorization code)
Plugin exchanges code for tokens
  ↓ (Fetches email from userinfo)
Plugin finds WordPress user by email
  ↓ (Sets authentication cookie)
User logged into WordPress
```
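
The callback half of this flow, as an added example that is not the plugin's code: it shows the state check (single use, constant-time comparison) followed by the email lookup. The function names, the `$session` and `$users` arrays, and the `email_verified` requirement are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// $session stands in for the PHP session and $users for the WordPress user
// table; both are constructed for this illustration.

/** Before redirecting to Keycloak: mint a random state and remember it. */
function oidc_begin_login(array &$session): string
{
    $session['oidc_state'] = bin2hex(random_bytes(16));
    return $session['oidc_state'];
}

/** On the callback: check state and code, then map the email claim to a user. */
function oidc_finish_login(array &$session, array $query, array $claims, array $users): array
{
    $expected = $session['oidc_state'] ?? '';
    unset($session['oidc_state']); // single use, consumed even on failure
    $returned = $query['state'] ?? '';
    if (!is_string($returned) || $expected === '' || !hash_equals($expected, $returned)) {
        return ['ok' => false, 'error' => 'Invalid state parameter'];
    }
    if (!is_string($query['code'] ?? null) || $query['code'] === '') {
        return ['ok' => false, 'error' => 'Missing authorization code'];
    }
    // The code-for-token exchange and userinfo request happen here; $claims
    // is their result. Assumption: only an IdP-verified address is trusted.
    $email = $claims['email'] ?? '';
    if (!is_string($email) || $email === '' || ($claims['email_verified'] ?? false) !== true) {
        return ['ok' => false, 'error' => 'No verified email claim'];
    }
    // In WordPress this lookup would be get_user_by('email', $email).
    foreach ($users as $id => $userEmail) {
        if (strcasecmp($userEmail, $email) === 0) {
            return ['ok' => true, 'user_id' => $id];
        }
    }
    return ['ok' => false, 'error' => 'User not found']; // no auto-provisioning
}

// Constructed sample run.
$session = [];
$users   = [7 => 'editor@example.com'];
$state   = oidc_begin_login($session);
$claims  = ['email' => 'Editor@example.com', 'email_verified' => true];
$query   = ['state' => $state, 'code' => 'constructed-code'];
var_dump(oidc_finish_login($session, $query, $claims, $users));
// The same callback replayed: the stored state has already been consumed.
var_dump(oidc_finish_login($session, $query, $claims, $users));
```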

What This Plugin Does
---------------------

- ✅ Replaces WordPress login form with OIDC
- ✅ Matches users by email address
- ✅ Handles authentication flow
- ✅ Redirects to Keycloak logout
- ✅ Supports backchannel logout (OIDC RP-Initiated Logout)

What This Plugin Does NOT Do
----------------------------

- ❌ Auto-create WordPress users (manual creation required)
- ❌ Manage user roles or permissions
- ❌ Sync user data from Keycloak
- ❌ Support multiple email addresses per user

These are intentional limitations to keep the plugin lightweight and focused on authentication.

Security
--------

- ✅ CSRF protection via state parameter
- ✅ JWT signature verification
- ✅ Environment variables for secrets
- ✅ Standard WordPress authentication
- ⚠️ Use HTTPS in production (required by OIDC)

### Protecting Secrets

**Never commit the `.env` file or client secrets to version control:**

```
# Add to .gitignore
.env
.env.local
```

Use environment variables or secure secrets management:

- AWS Secrets Manager
- HashiCorp Vault
- Kubernetes Secrets
- Docker Secrets

Troubleshooting
---------------

### "User not found" Error

→ Create a WordPress user with the same email address as the Keycloak user

### Plugin not redirecting to Keycloak

→ Check if OIDC is enabled in Settings → OIDC Login

→ Verify all required settings are filled

### "Invalid state parameter"

→ Session was lost - try logging in again

See [INSTALLATION.md](INSTALLATION.md) for more troubleshooting steps.

Development
-----------

This plugin uses:

- PHP 8.0+ with PSR-4 autoloading
- WordPress hooks for integration
- Composer for dependency management
- Environment variables for configuration

### Project Structure

```
├── wp-oidc.php              # Main plugin file
├── composer.json            # PHP dependencies
├── .env.example             # Config template
├── includes/
│   ├── class-oidc-client.php           # OIDC protocol
│   ├── class-auth-handler.php          # WordPress hooks
│   ├── class-admin-settings.php        # Admin page
│   └── class-backchannel-logout.php    # Backchannel logout handler
└── Documentation
    ├── QUICKSTART.md
    ├── INSTALLATION.md
    ├── CONFIG.md
    └── ARCHITECTURE.md

```

License
-------

GPL-2.0-or-later

Author
------

Dubovsky

Contributing
------------

Contributions are welcome. Please ensure:

- Code follows WordPress coding standards
- Changes are well-documented
- Environment variable handling is secure
- User-facing changes update documentation
