Add support for user sync for users created via wordpress #521

Closed
wants to merge 1 commit into from

@nanu-c nanu-c commented Mar 13, 2024

All Submissions:

Changes proposed in this Pull Request:

My use case is that when a user buys something via WooCommerce and creates a user, the user should be synced to Keycloak. Currently there is a plugin, WordPress Single Sign-On SSO, that has this functionality in the 700$ tier. The problem is that it uses SAML and not OIDC, and I also need to write custom theme hooks for Elementor, so I implemented this with openid-connect-generic.

Another use case would be to use event plugins that create users for event registrations etc.

I used the user_register filter, and when no URL is entered nothing happens. I used the Keycloak Admin REST API for getting an access token, creating a user and setting a password.

If needed I can provide a minimal Keycloak Docker Compose repo.

Room for improvements

Sync also metadata to keycloak or provide a function to do so.

Closes #520 .

How to test the changes in this Pull Request:

  1. Set up Keycloak and ensure that the client_id has the permission to create users
  2. Set the endpoint_usercreation in the settings or via env var
  3. Enable user registrations in WP
  4. Register a user
  5. Check if the user is created in Keycloak

or
4. Set up WooCommerce
5. Check out + create a user account + enter a password

or
4. Add this code somewhere

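		// Create a throwaway test user; this fires the user_register hook.
		$username = 'test' . rand( 0, 1000 );
		$email    = $username . '@test.com';
		$password = 'test';
		$user_id  = wp_create_user( $username, $password, $email );
		// wp_create_user() returns a WP_Error on failure, the new user ID otherwise.
		if ( ! is_wp_error( $user_id ) ) {
			echo 'User ID : ' . $user_id;
			exit( 0 );
		}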

Other information:

  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your changes, as applicable?
    I didn't manage to get the tests to run.
daggerhart-openid-connect-generic$ yarn test
yarn run v1.22.10
$ npm run grunt test

> [email protected] grunt
> node_modules/.bin/grunt test

Running "checktextdomain:files" (checktextdomain) task

✔ No problems


Running "shell:phpunit" (shell) task
/bin/sh: 1: vendor/bin/phpunit: not found
Warning: Command failed: vendor/bin/phpunit
/bin/sh: 1: vendor/bin/phpunit: not found
 Use --force to continue.

This line in the pull request template has a typo
https://github.com/oidc-wp/openid-connect-generic/blob/develop/.github/PULL_REQUEST_TEMPLATE.md?plain=1#L3C30-L3C59
And the https://github.com/oidc-wp/openid-connect-generic/wiki/How-to-setup-the-plugin-development-environment has wrong commands because npm start should be npm run start, but that doesn't exist either.

  • Have you successfully run tests with your changes locally?

Changelog entry

Enter a summary of all changes on this Pull Request. This will appear in the changelog if accepted.
Add support for user sync to Keycloak for users created via WordPress/WooCommerce

@timnolte
Collaborator

Is there a reason you just didn't use the hooks the plugin provides to add your own settings fields and perform these actions?

I really don't want to add IDP specific code into the core plugin. This is partly due to the fact that this code would only work or be applicable to only some users and it puts even more maintenance overhead on the core plugin.

If you'd want to create your own plugin as an addon that provides Keycloak specific functionality/support I'd be happy to feature that as an available add-on for the plugin. Also if there would be the need for additional hooks or filters added to this plugin to support that I'd be happy to work with you to include that.

@timnolte
Collaborator

FYI, also note that you hardcoded a secret into the code changes you submitted.

@timnolte timnolte added the status: blocked Issue or PR is blocked. label Mar 13, 2024
@timnolte timnolte self-assigned this Mar 13, 2024
@nanu-c
Author

nanu-c commented Mar 13, 2024

The secret is from my local testing. I will remove it, thanks for the hint. I see that this is not standard OIDC code. If I want to transform it into a plugin that extends openid-connect-generic, how can I access the private functions? Hence access the settings to get the client secrets?
The hooks of the current plugin are fine to extend, but this use case is the other way round. The plugin should hook into WordPress and I don't want to duplicate the IdP settings in 2 different plugins. For this to work the private $client; has to be public. Can we add a function for get_client()?

@timnolte
Collaborator

All of the plugin settings are stored in the wp_options tables like any plugin. There is an aspect of support for using constants instead of wp_options values, so you may have to check for both to pull these for use in your hooks.
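
An added example, not code from this pull request or from the plugin's maintainers: a separate add-on that takes the client credentials from constants or wp_options instead of hardcoding them, then creates the Keycloak user on user_register. The option name openid_connect_generic_settings, its keys and the OIDC_* constant names are assumptions about the plugin's storage; KCSYNC_USERS_URL and the kcsync_ function names are hypothetical.

```php
<?php
/* Plugin Name: Keycloak user sync (illustrative add-on; not part of openid-connect-generic) */
// Read one OIDC setting: a wp-config.php constant wins, else the plugin's stored option.
// Assumed names: option 'openid_connect_generic_settings' and the OIDC_* constants.
function kcsync_setting( string $key, string $constant ): string {
	if ( defined( $constant ) && '' !== (string) constant( $constant ) ) {
		return (string) constant( $constant );
	}
	$options = (array) get_option( 'openid_connect_generic_settings', array() );
	return isset( $options[ $key ] ) ? (string) $options[ $key ] : '';
}

// Client-credentials grant against the token endpoint already configured for login.
function kcsync_access_token(): string {
	$response = wp_remote_post(
		kcsync_setting( 'endpoint_token', 'OIDC_ENDPOINT_TOKEN_URL' ),
		array(
			'timeout' => 10,
			'body'    => array(
				'grant_type'    => 'client_credentials',
				'client_id'     => kcsync_setting( 'client_id', 'OIDC_CLIENT_ID' ),
				'client_secret' => kcsync_setting( 'client_secret', 'OIDC_CLIENT_SECRET' ),
			),
		)
	);
	if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
		return '';
	}
	$data = json_decode( wp_remote_retrieve_body( $response ), true );
	return is_array( $data ) && isset( $data['access_token'] ) ? (string) $data['access_token'] : '';
}

// Mirror each newly registered WordPress user to Keycloak (username and e-mail only).
add_action( 'user_register', function ( $user_id ) {
	// Hypothetical constant holding the Keycloak .../admin/realms/<realm>/users URL.
	$users_url = defined( 'KCSYNC_USERS_URL' ) ? (string) KCSYNC_USERS_URL : '';
	$user      = get_userdata( $user_id );
	$token     = ( '' !== $users_url && $user ) ? kcsync_access_token() : '';
	if ( '' === $token ) {
		return; // Not configured or no token: skip without blocking registration.
	}
	$response = wp_remote_post( $users_url, array(
		'timeout' => 10,
		'headers' => array( 'Authorization' => 'Bearer ' . $token, 'Content-Type' => 'application/json' ),
		'body'    => wp_json_encode( array( 'username' => $user->user_login, 'email' => $user->user_email, 'enabled' => true ) ),
	) );
	if ( is_wp_error( $response ) || 201 !== wp_remote_retrieve_response_code( $response ) ) {
		error_log( 'kcsync: Keycloak user creation failed for WordPress user ' . $user_id ); // no secrets logged
	}
} );
```

Password sync, which the pull request also performed, is left out of this example; the Keycloak client needs permission to create users, as in step 1 of the test instructions.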

@timnolte
Collaborator

You can see an example of a MU Plugin add-on here. https://github.com/oidc-wp/oidc-generic-button-text-addon

You can see an example of an add-on plugin here: https://github.com/oidc-wp/oidc-wp-roles

@nanu-c
Author

nanu-c commented Mar 14, 2024

Okay, thank you for the hints, I got it to work yesterday 👍. Actually we don't have WP plugins in the official repo, and actually don't know if we have the resources to do so.

@timnolte
Collaborator

@nanu-c if you have a GitHub repository that I can link to I'd be happy to do that. If at some point I am able to support it I may consider taking it on. Thanks!

@timnolte timnolte closed this Mar 17, 2024
Successfully merging this pull request may close these issues.

[Enhancement] Create user on provider
2 participants