Back
Keystone OIDC

Keystone OIDC

By jfwenisch
Details
View on WordPress
Back

Keystone OIDC transforms your WordPress installation into a fully-featured OpenID Connect (OIDC) identity provider, allowing other applications to authenticate users via your WordPress user database.

Key Features

  • OIDC Authorization Code Flow with PKCE support
  • RS256 JWT signed access tokens and ID tokens
  • Admin UI to create and manage multiple OIDC clients
  • Client secret management – generate and reset secrets securely (shown only once)
  • OIDC Discovery endpoint (/wenisch-tech/keystone-oidc/.well-known/openid-configuration) for automatic client configuration
  • Standard scopes: openid, profile, email
  • Refresh tokens for long-lived sessions
  • Zero additional configuration after install – just create a client and you’re ready

Endpoints

Endpoint
URL

Discovery
/wenisch-tech/keystone-oidc/.well-known/openid-configuration

Authorization
/wenisch-tech/keystone-oidc/oauth/authorize

Token
/wenisch-tech/keystone-oidc/oauth/token

UserInfo
/wenisch-tech/keystone-oidc/oauth/userinfo

JWKS
/wenisch-tech/keystone-oidc/oauth/jwks

Compatibility aliases are also routed under /wenisch-tech/keystone-oidc/protocol/openid-connect/* for clients that still derive Keycloak-style paths from the custom issuer URI. These aliases are not advertised in discovery.

UserInfo Example

For openid profile email, /wenisch-tech/keystone-oidc/oauth/userinfo returns:

`json

{
“sub”: “42”,
“name”: “Jane Doe”,
“given_name”: “Jane”,
“family_name”: “Doe”,
“preferred_username”: “jane”,
“email”: “jane@example.com”,
“email_verified”: true
}
`

sub is the WordPress user ID as a string, `preferred_username` is the WordPress `user_login`, and `email` is the WordPress `user_email`.

Roles are not currently emitted. The plugin does not expose WordPress roles or capabilities in UserInfo or ID tokens.

Quick Start

  1. Install and activate the plugin
  2. Go to OIDC Provider Add Client in your WordPress admin
  3. Enter your application name and redirect URI(s)
  4. Copy the generated Client ID and Client Secret (shown once)
  5. Configure your OIDC client application with the discovery URL shown in the settings

Details

Plugin code:
keystone-oidc
Plugin version:
2.2.2
Author:
jfwenisch
Outdated:
No
WP version:
5.6 or higher
PHP version:
7.4 or higher
Test up to WP version:
6.9.4
Total installations:
0
Last updated:
2026-06-12
Rating:
Times rated:
0
authentication
oauth2
oidc
openid-connect
sso

Related plugins

Plugins that also contain the tag authentication

Limit Login Attempts
Limit Login Attempts
InfiniteWP Client
InfiniteWP Client
WPS Limit Login
WPS Limit Login
Two Factor
Two Factor
WP-Members Membership Plugin
WP-Members Membership Plugin
Google Authenticator
Google Authenticator
We use cookies on our website to enhance your browsing experience. By using our site, you agree to the use of cookies, including those from Google Analytics and Google AdSense, for analytics and personalized advertising. You can view our full privacy policy by clicking here. Thank you for visiting!
Got it
Searchable WordPress plugin database - Plugin for that
Popular tags
image
chatbot
analytics
gallery
comments
e-commerce
button
accessibility
ajax
content
embed
editor
api
form
checkout
buddypress
stats
contact-form
chat
theme
About

Plugin for that tries to help you find the WordPress plugin you are looking for.

Please enjoy an image of Crush (this awesome turtle) and have a lovely day!Crush

We do not own any plugin listed on this site and do not work for or work with WordPress.com or it's associated companies. We simply provide a searchable list of the available WordPress plugins.

Plugin for that - Created with by Intology