• stephenmahood

    (@stephenmahood)


    Hey,

    I think the dependency on the AUTH_KEY staying constant is a real letdown of this plugin. Currently if you want to change the AUTH_KEY you need to remove all the current users and then have them log back in again to re-create their user.

    Would a more elegant solution not be to update the user’s password with a hash of the username and AUTH_KEY each time they log in?

    I think something similar to the update_role method should be created to update a user’s password before calling the wp_signon method.

    Cheers

    Stephen

    https://wordpress.org/plugins/saml-20-single-sign-on/

Viewing 1 replies (of 1 total)
  • Plugin Author ktbartholomew

    (@ktbartholomew)

    stephenmahood,

    I agree! The AUTH_KEY dependency was never a great solution. Version 0.9.4 no longer uses this method. It creates a completely random (not tied to auth_key, and also not reversible) password, but never actually uses it.

    The plugin also no longer depends on being able to reproduce a password for each user to log them in, so changing the AUTH_KEY will no longer have the effect of locking out all the users.

    https://github.com/ktbartholomew/saml-20-single-sign-on#094
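
A minimal Python model of the two designs discussed in this thread, added here as an illustration; it is not the plugin's code. The HMAC derivation, the `UserStore` class and the session dictionary are assumptions standing in for WordPress's user table and login cookie, and the SAML assertion is assumed to have been validated before either login function is called.

```python
import hashlib, hmac, secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UserStore:
    """Hypothetical stand-in for the user table: username -> (salt, hash)."""
    def __init__(self):
        self.users = {}

    def create(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash(password, salt))

    def check_password(self, username, password):
        salt, stored = self.users[username]
        return hmac.compare_digest(stored, _hash(password, salt))

def derived_password(username, auth_key):
    # Assumed form of the old scheme: password reproducible from username + site key.
    return hmac.new(auth_key.encode(), username.encode(), hashlib.sha256).hexdigest()

def login_derived(store, username, auth_key):
    """Old design: the login only succeeds if the stored password can be reproduced."""
    password = derived_password(username, auth_key)
    if username not in store.users:
        store.create(username, password)
    return store.check_password(username, password)

def login_random(store, username, sessions):
    """New design: the validated SAML identity is trusted directly."""
    if username not in store.users:
        # Random password, written once and never read back or checked.
        store.create(username, secrets.token_urlsafe(48))
    token = secrets.token_urlsafe(32)
    sessions[token] = username  # session is issued without a password check
    return token

def demo():
    old_key, new_key = "constructed-key-A", "constructed-key-B"  # constructed values
    derived_store, random_store, sessions = UserStore(), UserStore(), {}
    before = login_derived(derived_store, "alice", old_key)  # account created
    after = login_derived(derived_store, "alice", new_key)   # key rotated: lockout
    login_random(random_store, "alice", sessions)            # account created
    token = login_random(random_store, "alice", sessions)    # no site key involved
    return before, after, sessions.get(token)

if __name__ == "__main__":
    print(demo())
```
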

  • The topic ‘AUTH_KEY dependency’ is closed to new replies.