Wordworks

User registration set up

Assigned to: Xoliswa Shandu, Matogen Digital
Notes
User account registration
- Okta single sign-on (e.g. Google account), alternative signup with email address, and two-factor auth (optional to user)

Set up Okta account and see if we can get this integrated so long without having a paid account. 

Comments & Events

Ian Parsons rescheduled this to-do
Ian Parsons, Head Chef at Matogen Digital
Xoliswa, just jumping in here quickly – we've reached out to Okta to see if Wordworks qualifies for their non-profit programme. That will allow us to connect multiple SSO options, e.g. Google, Facebook, etc. I see you've looked at miniOrange, but we've already chosen Okta.
Xoliswa Shandu, Matogen Digital
Roger that, Ian. I'm on it.
Ian Parsons, Head Chef at Matogen Digital 💥
Xoliswa Shandu, Matogen Digital
Updated setup notes:

- Okta plugin installed: okta-wordpress-sign-in-widget-main

Configure plugin:
- Activate: SSH into the server, navigate to the public_html/ folder and run
  wp plugin activate okta-wordpress-sign-in-widget-main
- In the Wordworks Admin: navigate to Settings -> Okta Sign-In Widget
- Add the Okta Issuer URI and Sign-In Widget Client ID [found in the Wordworks App on the Okta Dashboard]

WordPress Login Page updates to Okta Sign In:

PS: The login via WordPress is not permanent, just a precaution during my testing.
Robyn, Project Manager at Matogen Digital
Xoliswa Shandu, Matogen Digital
Drafting Test Notes:

- Add user/users in WordPress.
- Export users and import into Okta app
- Navigate to https://wordworks.storiesandscience.co.za/wp-login.php
- Ensure the wp-login page is the Okta UI
- Enter username and password
- Set up verification through MFA, Okta, Google verification app
- Verify code/push notification functionality on Login

- User successfully logged into site through Okta.
[Attach screenshot]
Ian Parsons, Head Chef at Matogen Digital 💯
Ian Parsons, Head Chef at Matogen Digital
Looking good, Xoliswa!
Xoliswa Shandu, Matogen Digital 🙌
Xoliswa Shandu, Matogen Digital
Note:
I am stuck on an issue which others have also been having, it seems, while using Okta, not just for WordPress.

The token endpoint returns a 401. "Client authentication failed. Either the client or the client credentials are invalid."

I have tried to add an env.php on the Okta WordPress widget plugin and also tried using an existing auth plugin, as I believe the client secret needs to be added. I checked that my grant type allows authorize code in the headers, yet I am still stuck after MFA.

This is a recording of the issue; I opened up the network tab as well for the requests to display.
https://www.awesomescreenshot.com/video/32516729?key=085703c8c29d653613e54b5f5f132190

Next steps are calling their support team and trying to see if they can assist. I called and waited on Friday until my airtime gave in; I'm going to try again today.
Xoliswa Shandu, Matogen Digital
Hi Ian, please see note below and let me know.

The initial approach to use the okta-wordpress-sign-in-widget was set up; however, the plugin approach encountered issues, particularly with the token endpoint failing during the OAuth flow, prompting a deeper investigation into how tokens are exchanged between Okta and WordPress.

This issue requires us to move away from the existing plugins and build a more customized solution.

A custom plugin is ideal to separate the integration code from the theme, making it reusable and easier to maintain across subsites. This approach will structure the login, callback, and user authentication processes modularly, enhancing flexibility. Ref for docs: https://developer.okta.com/code/. We will be using the PHP SDK.

  • Set Up Okta and Application [Done]
  • Install Okta SDK and Set Up Custom Plugin (2 hours)
  • Implement OAuth Flow for redirect, callback and manage user authentication (4 hours)
  • Handle Multisite-Specific Logic, validation across subsites (2 hours)
  • Debugging and Testing the integration across subsites (2/4 hours)

ETA: 12 hours
Robyn, Project Manager at Matogen Digital 🔥
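
For reference on the token-exchange step discussed in the comments above, this added example (not code from the md-okta-integration plugin, the Okta widget or the Okta SDK) shows how an OAuth 2.0 client builds the authorization code token request, including the callback state check and the two client-authentication forms defined in RFC 6749 and RFC 7636. The function names, config array keys and all values are assumptions made for illustration.

```php
<?php
// Added example, not the md-okta-integration plugin's code.
// Every value passed in below is a constructed placeholder.

/** PKCE verifier and S256 challenge (RFC 7636), base64url without padding. */
function pkce_pair(): array {
    $b64url = fn(string $raw): string => rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
    $verifier = $b64url(random_bytes(32));
    return ['verifier' => $verifier, 'challenge' => $b64url(hash('sha256', $verifier, true))];
}

/** Constant-time check of the callback's state against the value stored at redirect. */
function state_is_valid(string $stored, string $returned): bool {
    return $stored !== '' && hash_equals($stored, $returned);
}

/**
 * Token request for the authorization code grant (RFC 6749, section 4.1.3).
 * A client registered with a secret authenticates via HTTP Basic; a public
 * client sends only client_id and proves itself with the PKCE verifier.
 * The server answers invalid_client when client authentication is missing,
 * wrong, or uses an unsupported method (RFC 6749, section 5.2).
 */
function build_token_request(array $cfg, string $code, string $verifier): array {
    $headers = ['Content-Type: application/x-www-form-urlencoded', 'Accept: application/json'];
    $body = [
        'grant_type'    => 'authorization_code',
        'code'          => $code,
        'redirect_uri'  => $cfg['redirect_uri'], // must equal the URI used in the redirect
        'code_verifier' => $verifier,
    ];
    if (!empty($cfg['client_secret'])) {
        $pair = urlencode($cfg['client_id']) . ':' . urlencode($cfg['client_secret']);
        $headers[] = 'Authorization: Basic ' . base64_encode($pair);
    } else {
        $body['client_id'] = $cfg['client_id'];
    }
    return ['headers' => $headers, 'body' => http_build_query($body)];
}

// Demo with constructed values: a public client (no secret) after a valid callback.
$pkce = pkce_pair();
$cfg  = ['client_id' => 'EXAMPLE_CLIENT_ID', 'redirect_uri' => 'https://example.test/callback'];
if (state_is_valid('st-123', 'st-123')) {
    print_r(build_token_request($cfg, 'EXAMPLE_CODE', $pkce['verifier']));
}
```
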
Ian Parsons, Head Chef at Matogen Digital
Thanks Xoliswa, this helps! I checked our costing, and we originally estimated 24 hours for this component. With the time you've already spent on it, it looks like we'll still be within range.

Go for it, and let me know if you run into issues. 
Robyn, Project Manager at Matogen Digital 🙌
Xoliswa Shandu, Matogen Digital Roger that 💪
Xoliswa Shandu, Matogen Digital
Update work in progress:
  • Installed Composer in order to composer install the Okta SDK
  • Set Up Custom Plugin - MD Okta Integration
  • Created functions for the OAuth Flow for redirect, callback
    Redirects functioning, finishing up on callback

Next steps:
  - Completing logic for integration across the sites
  - Testing and validation

Xoliswa Shandu, Matogen Digital
Update:

All logic has been completed for redirect, callback and login.
During testing on local I am encountering some issues: the authentication and login loop multiple times, and although the user is recognised the login does not go through. I am adding the plugin to staging to see if the staging URL may work better than the localhost.



Plugin on dev branch: https://github.com/Matogen-Digital/WordWorks/tree/dev/wp-content/plugins/md-okta-integration
Ian Parsons, Head Chef at Matogen Digital 👍
Xoliswa Shandu, Matogen Digital
Update:

I was unable to create a support case and I emailed their community support team after their bot proved to not be helpful when it comes to technical issues.

Their support team responded and they politely state that I can only submit the case if I am on a paid account.


So I have two options: pose a question and wait, or maybe we could chat to the same people we reached out to on the Okta team about the non-profit programme. Please let me know, Ian, if that would be worth a shot?

I will post the question in the meantime and see if anyone responds in the community.
Ian Parsons, Head Chef at Matogen Digital 👍
Ian Parsons, Head Chef at Matogen Digital
Xoliswa, let's have a look at this together.
Xoliswa Shandu, Matogen Digital
Thank you, Ian, for making the updates. It works like a charm.

Robyn, these are the user test notes:
- Navigate to the Wordworks staging login page.
- This page should display the Okta Login page

If you do NOT have an account:
- Click on Sign Up
- Enter all the relevant details on the sign up form
- An email will be sent to verify your account.

- Set up the Okta verification app on your cellphone
- You will also get other authentication app options as well.

***[Bottleneck]***
You will need to let me know so I can go into the admin and assign you to the Wordworks app in the Okta Dashboard.

- Account needs to be approved for the application
Note: I am looking into the rules or actions we can set in place for this.
A task has been created for this.

After the go-ahead from the Okta admin, you then go through the login process.
Wordworks staging login page.

If you do have an account:
- Enter your email address and password

********
Error: User is not assigned to the client application.
If you see this error it means this user is not accepted yet and will need to be assigned.


After successful login, the user should have access to the admin for the Wordworks site.


Xoliswa Shandu, Matogen Digital
Xoliswa Shandu completed this to-do.