How to setup Single Sign On on WordPress using your custom App/IDP?
Set up single sign on with your custom Identity Provider is possible with our OAuth/OpenID Connect Single Sign On plugin.If you want your users to login to your WordPress site using your Identity Provider credentials it is possible with our plugin. You can SSO users to the WordPress site by using your Custom Provider credentials. Similarly, you can map your WordPress roles based on your Custom Provider attributes/groups. To know more about other features we provide in WP OAuth Client plugin, you can click here.
- If your application supports standard OAuth 2.0 protocol, select Custom OAuth 2.0 App from the applist
- If your application supports standard OpenID Connect protocol, select Custom OpenID Connect App from the applist
If your app doesn’t support standard OAuth/OIDC flow, please reach out to us oauthsupport@xecurify.com and we can provide a customized solution as per your use-case.
What is Single Sign On?
- Single Sign On is a scheme that allows users to login into multiple applications using single set of credentials i.e Username and Password.
- In simple term, Single Sign-On(SSO) means login into 1 site / application using the credentials of another app/site.
- Example- If you have all your Users/Customers/Members/Employees stored on 1 site(ex. gmail, wordpress, etc.), lets say site A and you want all of them to register/login into your WordPress site say site B. In this scenario, you can register/login all your users of site A into Site B using the login credentials/account of Site A. This is call Single Sign-On or SSO.
What is OAuth?
- OAuth (Open Authorization) is an open standard for token-based authentication and authorization which is used to provide single sign-on (SSO).
- OAuth allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password.
- It acts as an intermediary on behalf of the end user, providing the service with an access token that authorizes specific account information to be shared.
Standard OAuth 2.0 Flow
Client sends the authorization request with a set of query parameters throught the browser which redirect to authorize endpoint on authorization server. This is how sample request looks like
Standard OAuth 2.0 Request:
GET <authorization-endpoint>?
response_type=code
&client_id=<client_id>
&redirect_uri=<callback_url>
&scope=openid&state=<security_token>
- OAuth 2.0 Endpoints
-
1. Authorization Endpoint: The authorization endpoint is the endpoint on the authorization server where the resource owner logs in, and grants authorization to the client application.
Request:
GET https://authorization-server.com/oauth/authorize
?client_id=<client_id>
&response_type=<code>
&state=<state>
&redirect_uri=<redirect_uri>
&scope=<scope>
Response:
HTTP/1.1 302 Found
Location: https://custom-app.com/redirect?code=g0ZGZmNjVmOWI&state=dkZmYxMzE2
Request:
GET https://authorization-server.com/oauth/token
grant_type=<grant_type>
&code=<code>
&redirect_uri=<redirect_uri>
Response:
HTTP/1.1 200 OK
Content-Type: application/json
{
"access_token":"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3",
"token_type":"bearer",
"expires_in":3600,
"refresh_token":"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk",
"scope":"create"
}
Request:
GET https://authorization-server.com/oauth/v1/userinfo
Header:
Authorization : Bearer < access_token / id_token >
Response:
HTTP/1.1 200 OK
Content-Type: application/json
{
"sub" : "248289761001",
"name" : "testuser"
"given_name" : "testuser",
"email" : "testuser@custom-app.com",
}
-
1. Authorization Code Grant
2. Implicit Grant
3. Refresh Token Grant
4. Resource Owner Credentials Grant
5. Client Credentials Grant
| Standard OAuth Request | Custom OAuth Request |
|
|
×
![]()
Hello there!
Need Help? We are right here!
