{"id":35,"date":"2025-05-27T11:58:51","date_gmt":"2025-05-27T09:58:51","guid":{"rendered":"https:\/\/solarxbike.se\/labbet\/webfinger\/?p=35"},"modified":"2025-06-13T09:57:57","modified_gmt":"2025-06-13T07:57:57","slug":"oidc-openid","status":"publish","type":"post","link":"https:\/\/solarxbike.se\/labbet\/digitalid\/2025\/05\/27\/oidc-openid\/","title":{"rendered":"OIDC &#8211; OpenID"},"content":{"rendered":"\n<p>Identifiering med OIDC<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Okta<\/li>\n\n\n\n<li><a href=\"https:\/\/plugins.miniorange.com\/sv\/login-with-freja-eid-using-wordpress-oauth-client\">miniOrange<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/frejaeid.atlassian.net\/wiki\/spaces\/DOC\/pages\/35029022\/Freja+Mobile+Application+Testing+Instructions\">Atlassian<\/a> <\/li>\n\n\n\n<li>Freja | <a href=\"https:\/\/minasidor.frejaeid.com\/#\/\">Mina Sidor<\/a> | <a href=\"https:\/\/www.swedbank-aktiellt.se\/telegram\/sW77x1IE\">Swedbank<\/a> ||<\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/oidc-wp\/openid-connect-generic\">Open Connect Generic [ KTH ]<\/a> | <a href=\"https:\/\/wordpress.org\/plugins\/daggerhart-openid-connect-generic\/\">Plugin<\/a> |<\/li>\n\n\n\n<li><a href=\"https:\/\/chatgpt.com\/c\/683568ae-354c-8007-bd8f-1ae6bb9e9973\">ChatGPT<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.digg.se\/digitala-tjanster\/e-legitimering\/om-e-legitimering\/tillitsnivaer-for-e-legitimering\">Tillitsniv\u00e5er<\/a><\/li>\n<\/ul>\n\n\n\n<p>Att anv\u00e4nda pluginet&nbsp;<strong>OpenID Connect Generic Client<\/strong>&nbsp;i WordPress f\u00f6r att integrera med&nbsp;<strong>Freja eID<\/strong>&nbsp;\u00e4r en&nbsp;<strong>l\u00e4ttviktig och \u00f6ppen<\/strong>&nbsp;l\u00f6sning. Den passar dig som vill ha kontroll \u00f6ver implementationen och inte vill anv\u00e4nda kommersiella alternativ som miniOrange eller Auth0.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83e\udde9 Vad \u00e4r&nbsp;<code>openid-connect-generic<\/code>?<\/h2>\n\n\n\n<p>Det \u00e4r ett&nbsp;<strong>gratis WordPress-plugin<\/strong>&nbsp;som g\u00f6r att din WordPress-webbplats kan agera som en&nbsp;<strong>OpenID Connect-klient<\/strong>, och autentisera anv\u00e4ndare via en extern&nbsp;<strong>OpenID Provider (OP)<\/strong>&nbsp;\u2013 t.ex. Freja eID.<\/p>\n\n\n\n<p>\ud83d\udd17 Pluginets GitHub:<br>\ud83d\udc49\u00a0<a class=\"\" href=\"https:\/\/github.com\/daggerhart\/openid-connect-generic\">https:\/\/github.com\/daggerhart\/openid-connect-generic<\/a><br>Plugin WordPress<br><a href=\"https:\/\/wordpress.org\/plugins\/daggerhart-openid-connect-generic\/\">https:\/\/wordpress.org\/plugins\/daggerhart-openid-connect-generic\/<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udee0\ufe0f S\u00e5 fungerar integrationen med Freja eID<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1.&nbsp;<strong>Freja eID som OpenID Connect-leverant\u00f6r<\/strong><\/h3>\n\n\n\n<p>Freja st\u00f6djer standarden OpenID Connect och har en &#8221;discovery endpoint&#8221;:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>https:\/\/oidc.prod.frejaeid.com\/.well-known\/openid-configuration<br><\/code><\/pre>\n\n\n\n<p>Denna inneh\u00e5ller all metadata som beh\u00f6vs: authorization endpoint, token endpoint, userinfo endpoint, etc.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">2.&nbsp;<strong>Installera pluginet i WordPress<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ladda ner pluginet fr\u00e5n GitHub eller&nbsp;<a>WordPress Directory (inofficiell version)<\/a><\/li>\n\n\n\n<li>Aktivera det.<\/li>\n\n\n\n<li>Du hittar inst\u00e4llningarna under&nbsp;<strong>Inst\u00e4llningar &gt; OpenID Connect Client<\/strong>.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">3.&nbsp;<strong>Fyll i konfigurationsf\u00e4lt<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Inst\u00e4llning<\/th><th>V\u00e4rde<\/th><\/tr><\/thead><tbody><tr><td><strong>Login Type<\/strong><\/td><td>Redirect<\/td><\/tr><tr><td><strong>Client ID<\/strong><\/td><td>(F\u00e5s fr\u00e5n Freja adminportal)<\/td><\/tr><tr><td><strong>Client Secret<\/strong><\/td><td>(F\u00e5s fr\u00e5n Freja adminportal)<\/td><\/tr><tr><td><strong>OpenID Scope<\/strong><\/td><td><code>openid email ssn<\/code>&nbsp;<em>(beroende p\u00e5 vad du beh\u00f6ver)<\/em><\/td><\/tr><tr><td><strong>Login Endpoint URL<\/strong><\/td><td><code>https:\/\/oidc.prod.frejaeid.com\/oidc\/authorize<\/code><\/td><\/tr><tr><td><strong>Userinfo Endpoint URL<\/strong><\/td><td><code>https:\/\/oidc.prod.frejaeid.com\/oidc\/userinfo<\/code><\/td><\/tr><tr><td><strong>Token Validation Endpoint URL<\/strong><\/td><td><code>https:\/\/oidc.prod.frejaeid.com\/oidc\/token<\/code><\/td><\/tr><tr><td><strong>End Session Endpoint<\/strong>&nbsp;(valfri)<\/td><td><code>https:\/\/oidc.prod.frejaeid.com\/oidc\/logout<\/code><\/td><\/tr><tr><td><strong>Identity Key<\/strong><\/td><td><code>sub<\/code>&nbsp;eller&nbsp;<code>email<\/code>&nbsp;(beroende p\u00e5 vad du vill identifiera via)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">4.&nbsp;<strong>Valbara inst\u00e4llningar<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Create user if not exists<\/strong>: \u2714\ufe0f&nbsp;<em>(skapa automatiskt WordPress-anv\u00e4ndare f\u00f6r nya inloggningar)<\/em><\/li>\n\n\n\n<li><strong>Redirect back to origin page<\/strong>: \u2714\ufe0f&nbsp;<em>(anv\u00e4ndare skickas tillbaka till d\u00e4r de var)<\/em><\/li>\n\n\n\n<li><strong>Link existing users<\/strong>: \u2714\ufe0f&nbsp;<em>(bra om du vill koppla existerande WP-konton till Freja-login)<\/em><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd10 Hur fungerar inloggningen i praktiken?<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Bes\u00f6karen klickar p\u00e5 &#8221;Logga in med Freja eID&#8221;.<\/li>\n\n\n\n<li>De dirigeras till Frejas godk\u00e4nnandefl\u00f6de.<\/li>\n\n\n\n<li>Anv\u00e4ndaren identifierar sig i Freja-appen.<\/li>\n\n\n\n<li>Freja skickar ett token + anv\u00e4ndarinformation tillbaka till WordPress.<\/li>\n\n\n\n<li>WordPress loggar in anv\u00e4ndaren, eller skapar ett nytt konto baserat p\u00e5 attribut som&nbsp;<code>email<\/code>&nbsp;eller&nbsp;<code>ssn<\/code>.<\/li>\n<\/ol>\n\n\n\n<p>RedirectURL [som freja skickar tillbaka anv\u00e4ndaren till<\/p>\n\n\n\n<p><a href=\"https:\/\/solarxbike.se\/labbet\/digitalid\/wp-admin\/admin-ajax.php?action=openid-connect-authorize\">https:\/\/solarxbike.se\/labbet\/digitalid\/wp-admin\/admin-ajax.php?action=openid-connect-authorize<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u2705 F\u00f6rdelar<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enkel, snabb och gratis.<\/li>\n\n\n\n<li>Ingen extern plattform beh\u00f6vs.<\/li>\n\n\n\n<li>Full OpenID Connect-kompatibilitet.<\/li>\n\n\n\n<li>Du kontrollerar allt sj\u00e4lv \u2013 bra f\u00f6r s\u00e4kerhetsmedvetna projekt.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u26a0\ufe0f Nackdelar<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ingen inbyggd support f\u00f6r rollmappning, attributmapping etc (men kan kodas).<\/li>\n\n\n\n<li>Ingen support om n\u00e5got g\u00e5r fel (\u00f6ppen k\u00e4llkod).<\/li>\n\n\n\n<li>Du m\u00e5ste ha ett klient-ID\/secret fr\u00e5n Freja (kr\u00e4ver avtal).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udca1 Tips<\/h2>\n\n\n\n<p>F\u00f6r att mappa attribut fr\u00e5n Freja (t.ex. personnummer, verified status etc), kan du hooka in i:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">phpKopieraRedigera<code>add_filter('openid-connect-generic-user-claim-result', 'mina_claims', 10, 3);\nfunction mina_claims($user_claim, $token_response, $user_info) {\n    \/\/ Exempel: spara Freja-ID som user meta\n    update_user_meta($user_claim-&gt;ID, 'freja_id', $user_info['sub']);\n    return $user_claim;\n}\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Identifiering med OIDC Att anv\u00e4nda pluginet&nbsp;OpenID Connect Generic Client&nbsp;i WordPress f\u00f6r att integrera med&nbsp;Freja eID&nbsp;\u00e4r en&nbsp;l\u00e4ttviktig och \u00f6ppen&nbsp;l\u00f6sning. Den passar dig som vill ha kontroll \u00f6ver implementationen och inte vill anv\u00e4nda kommersiella alternativ som miniOrange eller Auth0. \ud83e\udde9 Vad \u00e4r&nbsp;openid-connect-generic? Det \u00e4r ett&nbsp;gratis WordPress-plugin&nbsp;som g\u00f6r att din WordPress-webbplats kan agera som en&nbsp;OpenID Connect-klient, och autentisera &#8230; <a title=\"OIDC &#8211; OpenID\" class=\"read-more\" href=\"https:\/\/solarxbike.se\/labbet\/digitalid\/2025\/05\/27\/oidc-openid\/\" aria-label=\"L\u00e4s mer om OIDC &#8211; OpenID\">L\u00e4s mer<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"","activitypub_status":"federated","footnotes":""},"categories":[1],"tags":[],"class_list":["post-35","post","type-post","status-publish","format-standard","hentry","category-okategoriserade"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/solarxbike.se\/labbet\/digitalid\/wp-json\/wp\/v2\/posts\/35","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/solarxbike.se\/labbet\/digitalid\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solarxbike.se\/labbet\/digitalid\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solarxbike.se\/labbet\/digitalid\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/solarxbike.se\/labbet\/digitalid\/wp-json\/wp\/v2\/comments?post=35"}],"version-history":[{"count":5,"href":"https:\/\/solarxbike.se\/labbet\/digitalid\/wp-json\/wp\/v2\/posts\/35\/revisions"}],"predecessor-version":[{"id":312,"href":"https:\/\/solarxbike.se\/labbet\/digitalid\/wp-json\/wp\/v2\/posts\/35\/revisions\/312"}],"wp:attachment":[{"href":"https:\/\/solarxbike.se\/labbet\/digitalid\/wp-json\/wp\/v2\/media?parent=35"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solarxbike.se\/labbet\/digitalid\/wp-json\/wp\/v2\/categories?post=35"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solarxbike.se\/labbet\/digitalid\/wp-json\/wp\/v2\/tags?post=35"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}