From 20552dc899b91b15623dc3be4008420b6e7ff53d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gon=C3=A7alo=20Pereira?= Date: Wed, 11 Sep 2024 11:44:36 +0100 Subject: [PATCH] website/integrations: Add offline_access scope for WordPress (#11274) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add offline_access scope Signed-off-by: Gonçalo Pereira * Typo Signed-off-by: Gonçalo Pereira * Added Scopes needed by Wordpress to Authentik config docs Signed-off-by: Gonçalo Pereira * Update website/integrations/services/wordpress/index.md Co-authored-by: Tana M Berry Signed-off-by: Gonçalo Pereira * Apply suggestions from code review Signed-off-by: Jens L. --------- Signed-off-by: Gonçalo Pereira Signed-off-by: Jens L. Co-authored-by: Tana M Berry Co-authored-by: Jens L. --- website/integrations/services/wordpress/index.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/website/integrations/services/wordpress/index.md b/website/integrations/services/wordpress/index.md index 5aba201df5..6f30f50717 100644 --- a/website/integrations/services/wordpress/index.md +++ b/website/integrations/services/wordpress/index.md @@ -38,6 +38,7 @@ Only settings that have been modified from default have been listed. - Client ID: Copy and Save this for Later - Client Secret: Copy and Save this for later - Redirect URIs/Origins: `https://wp.company/wp-admin/admin-ajax.php\?action=openid-connect-authorize` +- Scopes: _email_, _offline_access_, _openid_, _profile_ ### Step 2 - WordPress 
@@ -54,12 +55,16 @@ Only settings that have been modified from default have been listed. - Login Type: OpenID Connect Button on Login (This option display a button to login using OpenID as well as local WP login) - Client ID: Client ID from step 1 - Client Secret: Client Secret from step 1 -- OpenID Scope: `email profile openid` +- OpenID Scope: `email profile openid offline_access` - Login Endpoint URL: `https://authentik.company/application/o/authorize/` - Userinfo Endpoint URL: `https://authentik.company/application/o/userinfo/` - Token Validation Endpoint URL: `https://authentik.company/application/o/token/` - End Session Endpoint URL: `https://authentik.company/application/o/wordpress/end-session/` +:::note +Make sure to include the _offline_access_ scope to ensure refresh tokens are generated. Otherwise your session will expire and force users to manually log in again. Refer to the [OpenID Connect Core specification](https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess) for more information. +::: + :::note Review each setting and choose the ones that you require for your installation. Examples of popular settings are _Link Existing Users_, _Create user if does not exist_, and _Enforce Privacy_ :::
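Review bot: In the first hunk (Step 1, provider settings), the added `- Scopes: _email_, _offline_access_, _openid_, _profile_` line uses italics and a different order from the Step 2 value `email profile openid offline_access`, so a reader cannot easily check that the two sides match. Suggest using the same order in both places and saying on this line that these are the scopes WordPress requests in Step 2, since the patch adds `offline_access` on both sides and the Step 2 note ties refresh tokens to it.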
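Review bot: In the second hunk, the new `:::note` sentence "Otherwise your session will expire and force users to manually log in again" mixes "your session" with "users" and recommends the scope without stating its trade-off. Suggest "Otherwise the user's session expires and they must log in again", plus one sentence noting that with `offline_access` WordPress receives and holds refresh tokens, which should be protected like the Client Secret. The note would also read better placed directly under the `- OpenID Scope:` line it explains rather than after the End Session Endpoint URL line.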