WordPress SSO Plugin using PHP (JWT)
Plugin Structure
wp-content/plugins/simple-sso/
├── simple-sso.php
├── vendor/
Plugin Code
<?php
/* Plugin Name: Simple SSO Login */
require_once __DIR__ . '/vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
// Register the SSO handler on WordPress's `init` hook, so it is invoked by
// WordPress itself rather than being called directly from this file.
add_action( 'init', 'simple_sso_login' );
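/**
 * Logs the visitor in from a signed SSO token passed as `?sso_token=...`.
 *
 * Does nothing when the parameter is absent. Otherwise the token is verified
 * as an HS256 JWT, its `email` claim is mapped to a WordPress user (created on
 * first sight), the auth cookie is set and the browser is redirected to the
 * home URL. Every failure ends in wp_die('Invalid token').
 *
 * The shared secret is read from the SIMPLE_SSO_SECRET constant (define it in
 * wp-config.php) instead of being hard-coded in the plugin file.
 *
 * NOTE(review): any account whose email matches the claim is logged in,
 * administrators included. Consider limiting SSO to non-privileged roles.
 */
function simple_sso_login(): void
{
    if (!isset($_GET['sso_token'])) {
        return;
    }

    // `?sso_token[]=x` arrives as an array; reject it here so it never reaches
    // JWT::decode(), where it would fail outside the catch (Exception) below.
    $token = $_GET['sso_token'];
    if (!is_string($token) || $token === '') {
        wp_die('Invalid token');
    }

    // Fail closed when no usable secret is configured. RFC 7518 section 3.2
    // requires an HS256 key of at least 256 bits (32 bytes).
    $secret_key = defined('SIMPLE_SSO_SECRET') ? (string) SIMPLE_SSO_SECRET : '';
    if (strlen($secret_key) < 32) {
        wp_die('SSO is not configured');
    }

    try {
        // The algorithm is pinned through Key, so the token header cannot pick it.
        $decoded = JWT::decode($token, new Key($secret_key, 'HS256'));

        // Require an expiry: a token without `exp` would otherwise stay valid forever.
        if (!isset($decoded->exp)) {
            throw new UnexpectedValueException('Token has no expiry');
        }

        $email = (isset($decoded->email) && is_string($decoded->email)) ? $decoded->email : '';
        if (!is_email($email)) {
            throw new UnexpectedValueException('Token has no valid email claim');
        }

        // The token travels in the URL, so it can surface in access logs, browser
        // history and Referer headers. Accept each token once (best effort:
        // transients are not atomic) and remember it until it expires.
        $replay_key = 'simple_sso_' . hash('sha256', $token);
        if (get_transient($replay_key) !== false) {
            throw new UnexpectedValueException('Token already used');
        }
        set_transient($replay_key, 1, max(1, (int) $decoded->exp - time()));

        $user = get_user_by('email', $email);
        if (!$user) {
            // First login for this address: provision an account with a random password.
            $user_id = wp_create_user($email, wp_generate_password(), $email);
            if (is_wp_error($user_id)) {
                throw new RuntimeException('User provisioning failed: ' . $user_id->get_error_message());
            }
            $user = get_user_by('id', $user_id);
        }
        if (!$user) {
            throw new RuntimeException('User lookup failed');
        }

        wp_set_current_user($user->ID);
        wp_set_auth_cookie($user->ID);
        wp_redirect(home_url());
        exit;
    } catch (Exception $e) {
        // Record why the login was refused (never the token itself) so failed
        // and replayed attempts are visible in the server log.
        error_log('simple-sso: login rejected: ' . $e->getMessage());
        wp_die('Invalid token');
    }
}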
Install JWT Library
composer require firebase/php-jwt
Token Generator
<?php
use Firebase\JWT\JWT;
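// Issues a short-lived SSO token and redirects the browser to the WordPress site.
// NOTE(review): this must only run after this application has authenticated the
// user, and the email claim must come from that authenticated session, never
// from request input. Confirm against the surrounding login code.

// The shared HS256 secret is read from the environment instead of being
// hard-coded here. It must equal the secret the WordPress side verifies with.
// RFC 7518 section 3.2 requires at least 256 bits (32 bytes) for HS256.
$secret_key = getenv('SIMPLE_SSO_SECRET');
if (!is_string($secret_key) || strlen($secret_key) < 32) {
    http_response_code(500);
    exit('SSO is not configured');
}

$issued_at = time();
$payload = [
    "email" => "student@gmail.com", // tutorial placeholder address
    "iat" => $issued_at,
    "exp" => $issued_at + 300, // 5 minutes: the token rides in the URL, so keep it short
    "jti" => bin2hex(random_bytes(16)), // unique id so a verifier can refuse replays
];
$jwt = JWT::encode($payload, $secret_key, 'HS256');
// A JWT is already URL-safe; rawurlencode() only guards against future changes.
header("Location: https://yourwpsite.com/?sso_token=" . rawurlencode($jwt));
exit;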
Flow
User Login → Generate Token → Redirect → WordPress Verify → Login
Security Tips
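- Use HTTPS for both the token generator and the WordPress site
- Keep the expiry short (5 min); the token travels in the URL, so it can end up in server logs and browser history
- Protect the secret key: load it from configuration rather than hard-coding it, and use a long random value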
MCQs
- JWT stands for JSON Web Token
- SSO (single sign-on) means one login for multiple systems