Changeset 2710778

authress/assets/readme.txt

-                      r2690735
+                      r2710778
 Requires PHP: 7.4
 Tested up to: 5.9.1
 Stable tag: 0.2.53
+Stable tag: 0.2.64
 License: Apache-2.0
 License URI: https://github.com/Authress/wordpress-sso-login/blob/main/LICENSE
 …
 . Enable your users to login with their email for any domain.
+== How to customize this plugin ==
+This plugin provides extension points to make it easier to configure it exactly as you need. Check out the full docs:
+* [SSO Login customizations](https://github.com/Authress/wordpress-sso-login/blob/main/docs/customizations.md)
 == Changelog ==

authress/tags/0.2.64/Authress_Sso_Login.php

-                      r2690735
+                      r2710778
     Plugin URI:   https://wordpress.org/plugins/authress
     Description:  Upgrades the WordPress login to support SSO Login.
     Version:      0.2.53
+    Version:      0.2.64
     Author:       Authress
     Author URI:   https://authress.io
 …
 */
 define( 'AUTHRESS_SSO_LOGIN_VERSION', '0.2.53' );
+define( 'AUTHRESS_SSO_LOGIN_VERSION', '0.2.64' );
 define( 'AUTHRESS_SSO_LOGIN_PLUGIN_FILE', __FILE__ );
 …
  */
 function authress_sso_login_render_lock_form( $html ) {
     authress_debug_log('authress_sso_login_render_lock_form');
+    authress_debug_log('=> authress_sso_login_render_lock_form');
     ob_start();
 …
+    }
     authress_debug_log('Falling back to wp login form');
+    authress_debug_log('=> Falling back to wp login form');
     return $html;
+}
 …
 function authress_sso_login_initial_setup_init() {
     authress_debug_log('authress_sso_login_initial_setup_init');
+    authress_debug_log('=> authress_sso_login_initial_setup_init');
     return false;
+}
 …
 function authress_sso_login_init() {
     authress_debug_log('authress_sso_login_init()');
+    authress_debug_log('=> authress_sso_login_init()');
     $router = new Authress_Sso_Login_Routes( Authress_Sso_Login_Options::Instance() );
     $router->setup_rewrites();
 …
 function check_for_user_logged_in() {
     authress_debug_log('check_for_user_logged_in');
+    authress_debug_log('=> check_for_user_logged_in');
     if (!is_user_logged_in() && isset($_REQUEST['nonce'])) {
 …
         // if (is_user_logged_in()) {
         //  wp_safe_redirect(home_url());
         //  authress_debug_log('User successfully now logged in during handler');
+        //  authress_debug_log('=> User successfully now logged in during handler');
         // } else {
         //  authress_debug_log('User NOT logged in during handler');
+        //  authress_debug_log('=> User NOT logged in during handler');
         // }
         // wp_safe_redirect();
 …
 function authress_sso_login_init_admin_menu() {
     authress_debug_log('authress_sso_login_init_admin_menu');
+    authress_debug_log('=> authress_sso_login_init_admin_menu');
     if (is_admin() && !empty($_REQUEST['page']) && 'authress_help' === $_REQUEST['page']) {
         wp_safe_redirect( admin_url( 'admin.php?page=authress_configuration#help' ), 301 );
 …
 function authress_sso_login_init_admin() {
     authress_debug_log('authress_sso_login_init_admin');
+    authress_debug_log('=> authress_sso_login_init_admin');
     $options = Authress_Sso_Login_Options::Instance();
     $routes  = new Authress_Sso_Login_Routes( $options );
 …
 function authress_sso_login_admin_enqueue_scripts() {
     authress_debug_log('authress_sso_login_admin_enqueue_scripts');
+    authress_debug_log('=> authress_sso_login_admin_enqueue_scripts');
     $options = Authress_Sso_Login_Options::Instance();
     $routes  = new Authress_Sso_Login_Routes( $options );
 …
 function authress_sso_login_profile_enqueue_scripts() {
     authress_debug_log('authress_sso_login_profile_enqueue_scripts');
+    authress_debug_log('=> authress_sso_login_profile_enqueue_scripts');
     global $pagenow;
 …
     $users_repo    = new Authress_Sso_Login_UsersRepo( Authress_Sso_Login_Options::Instance() );
     $login_manager = new Authress_Sso_Login_LoginManager( $users_repo, Authress_Sso_Login_Options::Instance() );
     authress_debug_log('authress_wp_page_loaded');
+    authress_debug_log('=> authress_wp_page_loaded');
     return $login_manager->init_authress();
+}
 …
     $users_repo    = new Authress_Sso_Login_UsersRepo( Authress_Sso_Login_Options::Instance() );
     $login_manager = new Authress_Sso_Login_LoginManager( $users_repo, Authress_Sso_Login_Options::Instance() );
     authress_debug_log('authress_wp_login_widget_loaded');
+    authress_debug_log('=> authress_wp_login_widget_loaded');
     return $login_manager->login_auto();
+}

authress/tags/0.2.64/lib/Authress_Sso_Login_LoginManager.php

-                      r2690711
+                      r2710778
      */
     public function login_auto() {
         authress_debug_log('login_auto');
+        authress_debug_log('=> login_auto');
         // Not processing form data, just using a redirect parameter if present.
         // phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification
 …
      */
     public function init_authress() {
         authress_debug_log('init_authress');
+        authress_debug_log('=> init_authress');
         // Not an Authress login process or settings are not configured to allow logins.
 …
         if ( is_user_logged_in() ) {
             // wp_safe_redirect( $this->a0_options->get( 'default_login_redirection' ) );
             authress_debug_log('user_logged_in: returning without further setup');
+            authress_debug_log('    returning without further setup');
             return true;
+        }
 …
      */
     public function handle_login_redirect() {
         authress_debug_log('handle_login_redirect');
+        authress_debug_log('=> handle_login_redirect');
         $access_token = sanitize_text_field(isset($_COOKIE['authorization']) ? wp_unslash($_COOKIE['authorization']) : '');
         if (!isset($_COOKIE['authorization']) && isset($_REQUEST['access_token'])) {
 …
+        }
         authress_debug_log('access_token: ' . $access_token);
         authress_debug_log('id_token:' . $id_token);
+        authress_debug_log('    access_token: ' . $access_token);
+        authress_debug_log('    id_token:' . $id_token);
         if (empty($id_token) || empty($access_token)) {
             authress_debug_log('No tokens set, user is not logged in');
+            authress_debug_log('    No tokens set, user is not logged in');
             return false;
+        }
 …
         if ( $this->login_user($userinfo) ) {
             authress_debug_log('Tokens set, user is logged in');
+            authress_debug_log('    Tokens set, user is logged in');
             return true;
+        }
 …
         if ( ! is_null( $user ) ) {
             authress_debug_log('Existing user: updating');
+            authress_debug_log('    Existing user: updating');
             // User exists so log them in.
             if ( isset( $userinfo->email ) && $user->data->user_email !== $userinfo->email ) {
 …
+        }
         try {
             authress_debug_log('New user: creating.');
+            authress_debug_log('    New user: creating.');
             $creator = new Authress_Sso_Login_UsersRepo( $this->a0_options );
             $user_id = $creator->create( $userinfo);
 …
      */
     private function do_login( $user) {
         authress_debug_log('LoginManager.do_login');
+        authress_debug_log('=> LoginManager.do_login');
         $remember_users_session = $this->a0_options->get( 'remember_users_session', true);
 …
      */
     protected function die_on_login( $msg = '', $code = 0 ) {
         authress_debug_log('Ending User Session.');
+        authress_debug_log('    Ending User Session: ' . $msg . ' ' . $code);
         // Log the user out completely.
 …
      */
     private function decode_id_token( $id_token ) {
+        authress_debug_log('=> decode_id_token()');
         $expectedIss = $this->a0_options->get_auth_domain();
 …
         $jwk = null;
         $signer = new Signer\Eddsa();
+        $signer = null;
         foreach ( $keys as $element ) {
+            if ( $keyId === $element->kid ) {
+                $jwk = json_decode(wp_json_encode($element), true);
+                if ($element->alg === 'RS512') {
+                    $signer = new Signer\Rsa\Sha512();
+                }
+            if ( $keyId !== $element->kid ) {
+                continue;
+            }
+        }
+        if ($jwk === null) {
+            if ($element->alg === 'RS512') {
+                $signer = new Signer\Rsa\Sha512();
+                $jwkConverter = new CoderCat\JWKToPEM\JWKConverter();
+                $jwk = InMemory::plainText($jwkConverter->toPEM(json_decode(wp_json_encode($element), true)));
+            } else {
+                $signer = new Signer\Eddsa();
+                $jwk = InMemory::plainText(base64_decode(strtr($element->x, '-_', '+/')), true);
+            }
+        }
+        if (empty($jwk) || $jwk === null) {
+            authress_debug_log('   No $JWK found: ' . wp_json_encode($keys));
             throw new Authress_Sso_Login_InvalidIdTokenException();
+        }
-        $jwkConverter = new CoderCat\JWKToPEM\JWKConverter();
         $config->setValidationConstraints(new Constraint\LooseValidAt(SystemClock::fromUTC()));
         $config->setValidationConstraints(new Constraint\IssuedBy($expectedIss));
         $config->setValidationConstraints(new Constraint\SignedWith($signer, InMemory::plainText($jwkConverter->toPEM($jwk))));
+        $config->setValidationConstraints(new Constraint\SignedWith($signer, $jwk));
         $constraints = $config->validationConstraints();
         try {
             $config->validator()->assert($token, ...$constraints);
 …
             return $userObject;
         } catch (RequiredConstraintsViolated $e) {
+            authress_debug_log('   Invalid user authentication token. Error:' . $e->violations());
             Authress_Sso_Login_ErrorLog::insert_error( __METHOD__, __( 'Invalid user authentication token:', 'wp-authress' ) . $e->violations());
+            throw new Authress_Sso_Login_InvalidIdTokenException($e);
+        } catch (Exception $e) {
+            authress_debug_log('   Invalid user authentication token. Error:' . $e->getMessage());
+            Authress_Sso_Login_ErrorLog::insert_error( __METHOD__, __( 'Failed to verify authentication token:', 'wp-authress' ) . $e->getMessage());
             throw new Authress_Sso_Login_InvalidIdTokenException($e);
+        }

authress/tags/0.2.64/readme.txt

-                      r2690735
+                      r2710778
 Requires PHP: 7.4
 Tested up to: 5.9.1
 Stable tag: 0.2.53
+Stable tag: 0.2.64
 License: Apache-2.0
 License URI: https://github.com/Authress/wordpress-sso-login/blob/main/LICENSE
 …
 . Enable your users to login with their email for any domain.
+== How to customize this plugin ==
+This plugin provides extension points to make it easier to configure it exactly as you need. Check out the full docs:
+* [SSO Login customizations](https://github.com/Authress/wordpress-sso-login/blob/main/docs/customizations.md)
 == Changelog ==

authress/tags/0.2.64/vendor/autoload.php

r2690735	r2710778
5	5	require_once __DIR__ . '/composer/autoload_real.php';
6	6
7		return ComposerAutoloaderInit~~2b0eb5c91ca35dcfd0eb17b49510ab~~dd::getLoader();
	7	return ComposerAutoloaderInitcd79ff3a427c493345a770421550b0dd::getLoader();

authress/tags/0.2.64/vendor/composer/InstalledVersions.php

-                      r2690735
+                      r2710778
     array (
     ),
     'reference' => '887bb439e965d138b19569d28fdd7ec6a345c567',
+    'reference' => '8523a3c12a09017ad75cc6d9047d9c22a167330d',
     'name' => 'authress/wordpress-plugin.php',
   ),
 …
       array (
       ),
       'reference' => '887bb439e965d138b19569d28fdd7ec6a345c567',
+      'reference' => '8523a3c12a09017ad75cc6d9047d9c22a167330d',
     ),
     'codercat/jwk-to-pem' =>

authress/tags/0.2.64/vendor/composer/autoload_real.php

-                      r2690735
+                      r2710778
 // autoload_real.php @generated by Composer
 class ComposerAutoloaderInit2b0eb5c91ca35dcfd0eb17b49510abdd
+class ComposerAutoloaderInitcd79ff3a427c493345a770421550b0dd
+{
     private static $loader;
 …
         require __DIR__ . '/platform_check.php';
         spl_autoload_register(array('ComposerAutoloaderInit2b0eb5c91ca35dcfd0eb17b49510abdd', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInitcd79ff3a427c493345a770421550b0dd', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
         spl_autoload_unregister(array('ComposerAutoloaderInit2b0eb5c91ca35dcfd0eb17b49510abdd', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInitcd79ff3a427c493345a770421550b0dd', 'loadClassLoader'));
         $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
 …
             require __DIR__ . '/autoload_static.php';
             call_user_func(\Composer\Autoload\ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd::getInitializer($loader));
+            call_user_func(\Composer\Autoload\ComposerStaticInitcd79ff3a427c493345a770421550b0dd::getInitializer($loader));
         } else {
             $map = require __DIR__ . '/autoload_namespaces.php';
 …
         if ($useStaticLoader) {
             $includeFiles = Composer\Autoload\ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd::$files;
+            $includeFiles = Composer\Autoload\ComposerStaticInitcd79ff3a427c493345a770421550b0dd::$files;
         } else {
             $includeFiles = require __DIR__ . '/autoload_files.php';
+        }
         foreach ($includeFiles as $fileIdentifier => $file) {
             composerRequire2b0eb5c91ca35dcfd0eb17b49510abdd($fileIdentifier, $file);
+            composerRequirecd79ff3a427c493345a770421550b0dd($fileIdentifier, $file);
+        }
 …
+}
 function composerRequire2b0eb5c91ca35dcfd0eb17b49510abdd($fileIdentifier, $file)
+function composerRequirecd79ff3a427c493345a770421550b0dd($fileIdentifier, $file)
+{
     if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {

authress/tags/0.2.64/vendor/composer/autoload_static.php

-                      r2690735
+                      r2710778
 namespace Composer\Autoload;
 class ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd
+class ComposerStaticInitcd79ff3a427c493345a770421550b0dd
+{
     public static $files = array (
 …
+    {
         return \Closure::bind(function () use ($loader) {
             $loader->prefixLengthsPsr4 = ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd::$prefixLengthsPsr4;
             $loader->prefixDirsPsr4 = ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd::$prefixDirsPsr4;
             $loader->fallbackDirsPsr4 = ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd::$fallbackDirsPsr4;
             $loader->classMap = ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInitcd79ff3a427c493345a770421550b0dd::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInitcd79ff3a427c493345a770421550b0dd::$prefixDirsPsr4;
+            $loader->fallbackDirsPsr4 = ComposerStaticInitcd79ff3a427c493345a770421550b0dd::$fallbackDirsPsr4;
+            $loader->classMap = ComposerStaticInitcd79ff3a427c493345a770421550b0dd::$classMap;
         }, null, ClassLoader::class);

authress/tags/0.2.64/vendor/composer/installed.php

-                      r2690735
+                      r2710778
     array (
     ),
     'reference' => '887bb439e965d138b19569d28fdd7ec6a345c567',
+    'reference' => '8523a3c12a09017ad75cc6d9047d9c22a167330d',
     'name' => 'authress/wordpress-plugin.php',
   ),
 …
       array (
       ),
       'reference' => '887bb439e965d138b19569d28fdd7ec6a345c567',
+      'reference' => '8523a3c12a09017ad75cc6d9047d9c22a167330d',
     ),
     'codercat/jwk-to-pem' =>

authress/tags/0.2.64/wordpress/readme.txt

-                      r2690735
+                      r2710778
 Requires PHP: 7.4
 Tested up to: 5.9.1
 Stable tag: 0.2.53
+Stable tag: 0.2.64
 License: Apache-2.0
 License URI: https://github.com/Authress/wordpress-sso-login/blob/main/LICENSE
 …
 . Enable your users to login with their email for any domain.
+== How to customize this plugin ==
+This plugin provides extension points to make it easier to configure it exactly as you need. Check out the full docs:
+* [SSO Login customizations](https://github.com/Authress/wordpress-sso-login/blob/main/docs/customizations.md)
 == Changelog ==

authress/trunk/Authress_Sso_Login.php

-                      r2690735
+                      r2710778
     Plugin URI:   https://wordpress.org/plugins/authress
     Description:  Upgrades the WordPress login to support SSO Login.
     Version:      0.2.53
+    Version:      0.2.64
     Author:       Authress
     Author URI:   https://authress.io
 …
 */
 define( 'AUTHRESS_SSO_LOGIN_VERSION', '0.2.53' );
+define( 'AUTHRESS_SSO_LOGIN_VERSION', '0.2.64' );
 define( 'AUTHRESS_SSO_LOGIN_PLUGIN_FILE', __FILE__ );
 …
  */
 function authress_sso_login_render_lock_form( $html ) {
     authress_debug_log('authress_sso_login_render_lock_form');
+    authress_debug_log('=> authress_sso_login_render_lock_form');
     ob_start();
 …
+    }
     authress_debug_log('Falling back to wp login form');
+    authress_debug_log('=> Falling back to wp login form');
     return $html;
+}
 …
 function authress_sso_login_initial_setup_init() {
     authress_debug_log('authress_sso_login_initial_setup_init');
+    authress_debug_log('=> authress_sso_login_initial_setup_init');
     return false;
+}
 …
 function authress_sso_login_init() {
     authress_debug_log('authress_sso_login_init()');
+    authress_debug_log('=> authress_sso_login_init()');
     $router = new Authress_Sso_Login_Routes( Authress_Sso_Login_Options::Instance() );
     $router->setup_rewrites();
 …
 function check_for_user_logged_in() {
     authress_debug_log('check_for_user_logged_in');
+    authress_debug_log('=> check_for_user_logged_in');
     if (!is_user_logged_in() && isset($_REQUEST['nonce'])) {
 …
         // if (is_user_logged_in()) {
         //  wp_safe_redirect(home_url());
         //  authress_debug_log('User successfully now logged in during handler');
+        //  authress_debug_log('=> User successfully now logged in during handler');
         // } else {
         //  authress_debug_log('User NOT logged in during handler');
+        //  authress_debug_log('=> User NOT logged in during handler');
         // }
         // wp_safe_redirect();
 …
 function authress_sso_login_init_admin_menu() {
     authress_debug_log('authress_sso_login_init_admin_menu');
+    authress_debug_log('=> authress_sso_login_init_admin_menu');
     if (is_admin() && !empty($_REQUEST['page']) && 'authress_help' === $_REQUEST['page']) {
         wp_safe_redirect( admin_url( 'admin.php?page=authress_configuration#help' ), 301 );
 …
 function authress_sso_login_init_admin() {
     authress_debug_log('authress_sso_login_init_admin');
+    authress_debug_log('=> authress_sso_login_init_admin');
     $options = Authress_Sso_Login_Options::Instance();
     $routes  = new Authress_Sso_Login_Routes( $options );
 …
 function authress_sso_login_admin_enqueue_scripts() {
     authress_debug_log('authress_sso_login_admin_enqueue_scripts');
+    authress_debug_log('=> authress_sso_login_admin_enqueue_scripts');
     $options = Authress_Sso_Login_Options::Instance();
     $routes  = new Authress_Sso_Login_Routes( $options );
 …
 function authress_sso_login_profile_enqueue_scripts() {
     authress_debug_log('authress_sso_login_profile_enqueue_scripts');
+    authress_debug_log('=> authress_sso_login_profile_enqueue_scripts');
     global $pagenow;
 …
     $users_repo    = new Authress_Sso_Login_UsersRepo( Authress_Sso_Login_Options::Instance() );
     $login_manager = new Authress_Sso_Login_LoginManager( $users_repo, Authress_Sso_Login_Options::Instance() );
     authress_debug_log('authress_wp_page_loaded');
+    authress_debug_log('=> authress_wp_page_loaded');
     return $login_manager->init_authress();
+}
 …
     $users_repo    = new Authress_Sso_Login_UsersRepo( Authress_Sso_Login_Options::Instance() );
     $login_manager = new Authress_Sso_Login_LoginManager( $users_repo, Authress_Sso_Login_Options::Instance() );
     authress_debug_log('authress_wp_login_widget_loaded');
+    authress_debug_log('=> authress_wp_login_widget_loaded');
     return $login_manager->login_auto();
+}

authress/trunk/lib/Authress_Sso_Login_LoginManager.php

-                      r2690711
+                      r2710778
      */
     public function login_auto() {
         authress_debug_log('login_auto');
+        authress_debug_log('=> login_auto');
         // Not processing form data, just using a redirect parameter if present.
         // phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification
 …
      */
     public function init_authress() {
         authress_debug_log('init_authress');
+        authress_debug_log('=> init_authress');
         // Not an Authress login process or settings are not configured to allow logins.
 …
         if ( is_user_logged_in() ) {
             // wp_safe_redirect( $this->a0_options->get( 'default_login_redirection' ) );
             authress_debug_log('user_logged_in: returning without further setup');
+            authress_debug_log('    returning without further setup');
             return true;
+        }
 …
      */
     public function handle_login_redirect() {
         authress_debug_log('handle_login_redirect');
+        authress_debug_log('=> handle_login_redirect');
         $access_token = sanitize_text_field(isset($_COOKIE['authorization']) ? wp_unslash($_COOKIE['authorization']) : '');
         if (!isset($_COOKIE['authorization']) && isset($_REQUEST['access_token'])) {
 …
+        }
         authress_debug_log('access_token: ' . $access_token);
         authress_debug_log('id_token:' . $id_token);
+        authress_debug_log('    access_token: ' . $access_token);
+        authress_debug_log('    id_token:' . $id_token);
         if (empty($id_token) || empty($access_token)) {
             authress_debug_log('No tokens set, user is not logged in');
+            authress_debug_log('    No tokens set, user is not logged in');
             return false;
+        }
 …
         if ( $this->login_user($userinfo) ) {
             authress_debug_log('Tokens set, user is logged in');
+            authress_debug_log('    Tokens set, user is logged in');
             return true;
+        }
 …
         if ( ! is_null( $user ) ) {
             authress_debug_log('Existing user: updating');
+            authress_debug_log('    Existing user: updating');
             // User exists so log them in.
             if ( isset( $userinfo->email ) && $user->data->user_email !== $userinfo->email ) {
 …
+        }
         try {
             authress_debug_log('New user: creating.');
+            authress_debug_log('    New user: creating.');
             $creator = new Authress_Sso_Login_UsersRepo( $this->a0_options );
             $user_id = $creator->create( $userinfo);
 …
      */
     private function do_login( $user) {
         authress_debug_log('LoginManager.do_login');
+        authress_debug_log('=> LoginManager.do_login');
         $remember_users_session = $this->a0_options->get( 'remember_users_session', true);
 …
      */
     protected function die_on_login( $msg = '', $code = 0 ) {
         authress_debug_log('Ending User Session.');
+        authress_debug_log('    Ending User Session: ' . $msg . ' ' . $code);
         // Log the user out completely.
 …
      */
     private function decode_id_token( $id_token ) {
+        authress_debug_log('=> decode_id_token()');
         $expectedIss = $this->a0_options->get_auth_domain();
 …
         $jwk = null;
         $signer = new Signer\Eddsa();
+        $signer = null;
         foreach ( $keys as $element ) {
+            if ( $keyId === $element->kid ) {
+                $jwk = json_decode(wp_json_encode($element), true);
+                if ($element->alg === 'RS512') {
+                    $signer = new Signer\Rsa\Sha512();
+                }
+            if ( $keyId !== $element->kid ) {
+                continue;
+            }
+        }
+        if ($jwk === null) {
+            if ($element->alg === 'RS512') {
+                $signer = new Signer\Rsa\Sha512();
+                $jwkConverter = new CoderCat\JWKToPEM\JWKConverter();
+                $jwk = InMemory::plainText($jwkConverter->toPEM(json_decode(wp_json_encode($element), true)));
+            } else {
+                $signer = new Signer\Eddsa();
+                $jwk = InMemory::plainText(base64_decode(strtr($element->x, '-_', '+/')), true);
+            }
+        }
+        if (empty($jwk) || $jwk === null) {
+            authress_debug_log('   No $JWK found: ' . wp_json_encode($keys));
             throw new Authress_Sso_Login_InvalidIdTokenException();
+        }
-        $jwkConverter = new CoderCat\JWKToPEM\JWKConverter();
         $config->setValidationConstraints(new Constraint\LooseValidAt(SystemClock::fromUTC()));
         $config->setValidationConstraints(new Constraint\IssuedBy($expectedIss));
         $config->setValidationConstraints(new Constraint\SignedWith($signer, InMemory::plainText($jwkConverter->toPEM($jwk))));
+        $config->setValidationConstraints(new Constraint\SignedWith($signer, $jwk));
         $constraints = $config->validationConstraints();
         try {
             $config->validator()->assert($token, ...$constraints);
 …
             return $userObject;
         } catch (RequiredConstraintsViolated $e) {
+            authress_debug_log('   Invalid user authentication token. Error:' . $e->violations());
             Authress_Sso_Login_ErrorLog::insert_error( __METHOD__, __( 'Invalid user authentication token:', 'wp-authress' ) . $e->violations());
+            throw new Authress_Sso_Login_InvalidIdTokenException($e);
+        } catch (Exception $e) {
+            authress_debug_log('   Invalid user authentication token. Error:' . $e->getMessage());
+            Authress_Sso_Login_ErrorLog::insert_error( __METHOD__, __( 'Failed to verify authentication token:', 'wp-authress' ) . $e->getMessage());
             throw new Authress_Sso_Login_InvalidIdTokenException($e);
+        }

authress/trunk/readme.txt

-                      r2690735
+                      r2710778
 Requires PHP: 7.4
 Tested up to: 5.9.1
 Stable tag: 0.2.53
+Stable tag: 0.2.64
 License: Apache-2.0
 License URI: https://github.com/Authress/wordpress-sso-login/blob/main/LICENSE
 …
 . Enable your users to login with their email for any domain.
+== How to customize this plugin ==
+This plugin provides extension points to make it easier to configure it exactly as you need. Check out the full docs:
+* [SSO Login customizations](https://github.com/Authress/wordpress-sso-login/blob/main/docs/customizations.md)
 == Changelog ==

authress/trunk/vendor/autoload.php

r2690735	r2710778
5	5	require_once __DIR__ . '/composer/autoload_real.php';
6	6
7		return ComposerAutoloaderInit~~2b0eb5c91ca35dcfd0eb17b49510ab~~dd::getLoader();
	7	return ComposerAutoloaderInitcd79ff3a427c493345a770421550b0dd::getLoader();

authress/trunk/vendor/composer/InstalledVersions.php

-                      r2690735
+                      r2710778
     array (
     ),
     'reference' => '887bb439e965d138b19569d28fdd7ec6a345c567',
+    'reference' => '8523a3c12a09017ad75cc6d9047d9c22a167330d',
     'name' => 'authress/wordpress-plugin.php',
   ),
 …
       array (
       ),
       'reference' => '887bb439e965d138b19569d28fdd7ec6a345c567',
+      'reference' => '8523a3c12a09017ad75cc6d9047d9c22a167330d',
     ),
     'codercat/jwk-to-pem' =>

authress/trunk/vendor/composer/autoload_real.php

-                      r2690735
+                      r2710778
 // autoload_real.php @generated by Composer
 class ComposerAutoloaderInit2b0eb5c91ca35dcfd0eb17b49510abdd
+class ComposerAutoloaderInitcd79ff3a427c493345a770421550b0dd
+{
     private static $loader;
 …
         require __DIR__ . '/platform_check.php';
         spl_autoload_register(array('ComposerAutoloaderInit2b0eb5c91ca35dcfd0eb17b49510abdd', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInitcd79ff3a427c493345a770421550b0dd', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
         spl_autoload_unregister(array('ComposerAutoloaderInit2b0eb5c91ca35dcfd0eb17b49510abdd', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInitcd79ff3a427c493345a770421550b0dd', 'loadClassLoader'));
         $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
 …
             require __DIR__ . '/autoload_static.php';
             call_user_func(\Composer\Autoload\ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd::getInitializer($loader));
+            call_user_func(\Composer\Autoload\ComposerStaticInitcd79ff3a427c493345a770421550b0dd::getInitializer($loader));
         } else {
             $map = require __DIR__ . '/autoload_namespaces.php';
 …
         if ($useStaticLoader) {
             $includeFiles = Composer\Autoload\ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd::$files;
+            $includeFiles = Composer\Autoload\ComposerStaticInitcd79ff3a427c493345a770421550b0dd::$files;
         } else {
             $includeFiles = require __DIR__ . '/autoload_files.php';
+        }
         foreach ($includeFiles as $fileIdentifier => $file) {
             composerRequire2b0eb5c91ca35dcfd0eb17b49510abdd($fileIdentifier, $file);
+            composerRequirecd79ff3a427c493345a770421550b0dd($fileIdentifier, $file);
+        }
 …
+}
 function composerRequire2b0eb5c91ca35dcfd0eb17b49510abdd($fileIdentifier, $file)
+function composerRequirecd79ff3a427c493345a770421550b0dd($fileIdentifier, $file)
+{
     if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {

authress/trunk/vendor/composer/autoload_static.php

-                      r2690735
+                      r2710778
 namespace Composer\Autoload;
 class ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd
+class ComposerStaticInitcd79ff3a427c493345a770421550b0dd
+{
     public static $files = array (
 …
+    {
         return \Closure::bind(function () use ($loader) {
             $loader->prefixLengthsPsr4 = ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd::$prefixLengthsPsr4;
             $loader->prefixDirsPsr4 = ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd::$prefixDirsPsr4;
             $loader->fallbackDirsPsr4 = ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd::$fallbackDirsPsr4;
             $loader->classMap = ComposerStaticInit2b0eb5c91ca35dcfd0eb17b49510abdd::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInitcd79ff3a427c493345a770421550b0dd::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInitcd79ff3a427c493345a770421550b0dd::$prefixDirsPsr4;
+            $loader->fallbackDirsPsr4 = ComposerStaticInitcd79ff3a427c493345a770421550b0dd::$fallbackDirsPsr4;
+            $loader->classMap = ComposerStaticInitcd79ff3a427c493345a770421550b0dd::$classMap;
         }, null, ClassLoader::class);

authress/trunk/vendor/composer/installed.php

-                      r2690735
+                      r2710778
     array (
     ),
     'reference' => '887bb439e965d138b19569d28fdd7ec6a345c567',
+    'reference' => '8523a3c12a09017ad75cc6d9047d9c22a167330d',
     'name' => 'authress/wordpress-plugin.php',
   ),
 …
       array (
       ),
       'reference' => '887bb439e965d138b19569d28fdd7ec6a345c567',
+      'reference' => '8523a3c12a09017ad75cc6d9047d9c22a167330d',
     ),
     'codercat/jwk-to-pem' =>

authress/trunk/wordpress/readme.txt

-                      r2690735
+                      r2710778
 Requires PHP: 7.4
 Tested up to: 5.9.1
 Stable tag: 0.2.53
+Stable tag: 0.2.64
 License: Apache-2.0
 License URI: https://github.com/Authress/wordpress-sso-login/blob/main/LICENSE
 …
 . Enable your users to login with their email for any domain.
+== How to customize this plugin ==
+This plugin provides extension points to make it easier to configure it exactly as you need. Check out the full docs:
+* [SSO Login customizations](https://github.com/Authress/wordpress-sso-login/blob/main/docs/customizations.md)
 == Changelog ==

Plugin Directory

Context Navigation

Legend:

authress/assets/readme.txt

authress/tags/0.2.64/Authress_Sso_Login.php

authress/tags/0.2.64/lib/Authress_Sso_Login_LoginManager.php

authress/tags/0.2.64/readme.txt

authress/tags/0.2.64/vendor/autoload.php

authress/tags/0.2.64/vendor/composer/InstalledVersions.php

authress/tags/0.2.64/vendor/composer/autoload_real.php

authress/tags/0.2.64/vendor/composer/autoload_static.php

authress/tags/0.2.64/vendor/composer/installed.php

authress/tags/0.2.64/wordpress/readme.txt

authress/trunk/Authress_Sso_Login.php

authress/trunk/lib/Authress_Sso_Login_LoginManager.php

authress/trunk/readme.txt

authress/trunk/vendor/autoload.php

authress/trunk/vendor/composer/InstalledVersions.php

authress/trunk/vendor/composer/autoload_real.php

authress/trunk/vendor/composer/autoload_static.php

authress/trunk/vendor/composer/installed.php

authress/trunk/wordpress/readme.txt

Download in other formats: