From 29ef56b51ef652e9babcc791b047b5689ebf133a Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Mon, 24 Nov 2025 08:58:15 -0800
Subject: [PATCH] wordpress: Use OpenID Connect instead of pubtkt based SSO
 when private

Tests:

- Functional tests work.

- Admin user is able to access the application

- User belonging to special group is able to access the application

- Regular user is not able to access the application

- Anonymous user is not able to access the application

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 .../apache2/conf-available/wordpress-freedombox.conf   | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/plinth/modules/wordpress/data/usr/share/freedombox/etc/apache2/conf-available/wordpress-freedombox.conf b/plinth/modules/wordpress/data/usr/share/freedombox/etc/apache2/conf-available/wordpress-freedombox.conf
index c93ea1c49..21f6c0b04 100644
--- a/plinth/modules/wordpress/data/usr/share/freedombox/etc/apache2/conf-available/wordpress-freedombox.conf
+++ b/plinth/modules/wordpress/data/usr/share/freedombox/etc/apache2/conf-available/wordpress-freedombox.conf
@@ -30,10 +30,7 @@ Alias /wordpress /usr/share/wordpress
 
     # Allow access only if site is marked as public or if user is an admin
     <IfFile !/etc/wordpress/is_public>
-        Include includes/freedombox-single-sign-on.conf
-        <IfModule mod_auth_pubtkt.c>
-            TKTAuthToken "admin"
-        </IfModule>
+        Use AuthOpenIDConnect
     </IfFile>
 
     # Increase maximum upload file size
@@ -47,10 +44,7 @@ Alias /wordpress /usr/share/wordpress
 
     # Allow access only if site is marked as public or if user is an admin
     <IfFile !/etc/wordpress/is_public>
-        Include includes/freedombox-single-sign-on.conf
-        <IfModule mod_auth_pubtkt.c>
-            TKTAuthToken "admin"
-        </IfModule>
+        Use AuthOpenIDConnect
     </IfFile>
 
     <IfFile /etc/wordpress/is_public>