GNUnet preparation
==================
Set up the zone for the RP:
gnunet-identity -C martin
Extracted from the OpenID Connect button's 'redirect_uri':
http://127.0.0.1:9999/wp-admin/admin-ajax.php?action=openid-connect-authorize
gnunet-namestore -a -z martin -n @ -t RECLAIM_OIDC_REDIRECT -V http://127.0.0.1:9999/wp-admin/admin-ajax.php?action=openid-connect-authorize -e 1h -p
# Set name of Web site ("wootaler") to be shown to user:
gnunet-namestore -a -z martin -n @ -t RECLAIM_OIDC_CLIENT -V wootaler -e 1h -p
OIDC setup in WooCommerce
=========================
Install OIDC plugin:
sudo -u www-data wp --user=admin plugin install daggerhart-openid-connect-generic --activate
Find existing settings:
sudo -u www-data wp --user=admin option list
Configuration:
1) OpenID client ID is public key of identity:
$ gnunet-identity -d -e martin
For example: 50BMJB6S9MV22BTG541G6XPQVNT7BNT7DZ3ZCCEZXFZPKV3915N0
2) Set the Authorize Endpoint in the OpenID Connect WordPress plugin ("Login Endpoint URL") to:
https://api.reclaim/openid/authorize
3) Specify client secret key:
$ gnunet-config -s reclaim-rest-plugin -o OIDC_CLIENT_SECRET
default is "secret"
4) OpenID scope: configure the list of desired attributes, i.e.:
"openid profile email full_name given-name family-name organization country address-line1 address-line2 address-level2 address-level1 postal-code tel"
NOTE: The 'oidc-woocommerce.php' contains the logic to convert OIDC
profile data into the WooCommerce shopping form.
5) Token Validation Endpoint URL - where is the GNUnet REST API reachable:
Default is: http://localhost:7776/openid/token
6) Userinfo Endpoint URL - similar:
http://localhost:7776/openid/token/userinfo
7) Identity key: always "sub"
8) Nickname key: use "full_name"
9) Display name formatting: use "{full_name}"
10) Identify with username: check the box
Reclaim setup
=============
1) Install re:claim plugin:
https://addons.mozilla.org/en-US/firefox/addon/reclaimid/
2) Connect GNUnet peers:
Ensure both GNUnet peers (WooCommerce+Reclaim and local GNUnet installation)
are connected, or for trivial tests export the WooCommerce+Reclaim peer
from qemu to the local host: set BIND_TO option of GNUnet REST service to 0.0.0.0.
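Added example (not part of the original notes or of GNUnet): a POSIX shell check of the values chosen above, covering the client secret left at its default, the token and userinfo endpoint URLs, and the REST BIND_TO setting used for the qemu test. The function names, the 16-character minimum and the "rest" configuration section name are assumptions.

```shell
#!/bin/sh
# Added example: audit the values chosen in the setup steps above.
# Function names and the 16-character minimum are assumptions of this example.

# check_secret SECRET: fail on an empty, default ("secret") or short value.
check_secret() {
    case "$1" in
        ""|secret) echo "WEAK: OIDC_CLIENT_SECRET is empty or still the default"; return 1 ;;
    esac
    [ "${#1}" -ge 16 ] || { echo "WEAK: OIDC_CLIENT_SECRET is shorter than 16 characters"; return 1; }
    echo "ok: OIDC_CLIENT_SECRET differs from the default"
}

# check_bind ADDR: fail unless the REST service listens on loopback only.
check_bind() {
    case "$1" in
        127.0.0.1|::1|localhost) echo "ok: REST service bound to $1" ;;
        "") echo "UNKNOWN: BIND_TO is not set"; return 1 ;;
        *) echo "EXPOSED: BIND_TO=$1 listens beyond loopback"; return 1 ;;
    esac
}

# check_endpoint URL: plain http is accepted only towards a loopback host.
check_endpoint() {
    case "$1" in
        https://*) echo "ok: $1" ;;
        http://localhost[:/]*|http://127.0.0.1[:/]*) echo "ok: $1 (loopback)" ;;
        *) echo "CLEARTEXT: $1 would carry tokens over plain http"; return 1 ;;
    esac
}

# audit_live: read the running configuration and check the page's default URLs.
audit_live() {
    command -v gnunet-config >/dev/null 2>&1 || { echo "gnunet-config not found"; return 2; }
    rc=0
    check_secret "$(gnunet-config -s reclaim-rest-plugin -o OIDC_CLIENT_SECRET)" || rc=1
    # Assumption: the REST service's options live in the "rest" section.
    check_bind "$(gnunet-config -s rest -o BIND_TO)" || rc=1
    check_endpoint "http://localhost:7776/openid/token" || rc=1
    check_endpoint "http://localhost:7776/openid/token/userinfo" || rc=1
    return "$rc"
}

# Query the local peer only when invoked with --live as the first argument.
if [ "${1:-}" = "--live" ]; then audit_live; fi
```

With BIND_TO set to 0.0.0.0 for the qemu test, check_bind reports the exposure, which is the cue to restore a loopback address once the test is done.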
Integration Notes:
==================
An action 'openid-connect-generic-register-login-form' was added to
the OIDC plugin. This is needed to nicely integrate the OIDC plugin
with WooCommerce using the 'oidc-woocommerce.php' snippet.