[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faYcvCZaIC34kWAZ0mWZqq7izwAEPywetrcyY7MZw204":3},{"slug":4,"display_name":4,"profile_url":5,"plugin_count":6,"total_installs":7,"avg_security_score":8,"avg_patch_time_days":9,"trust_score":10,"computed_at":11,"plugins":12},"websitetwelvelegsmarketing","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebsitetwelvelegsmarketing\u002F",1,0,100,30,94,"2026-05-20T01:18:11.956Z",[13],{"slug":14,"name":15,"version":16,"author":4,"author_profile":5,"description":17,"short_description":18,"active_installs":7,"downloaded":19,"rating":7,"num_ratings":7,"last_updated":20,"tested_up_to":21,"requires_at_least":22,"requires_php":23,"tags":24,"homepage":30,"download_link":31,"security_score":8,"vuln_count":7,"unpatched_count":7,"last_vuln_date":32,"fetched_at":33},"twelve-legs-marketing-sso","Twelve Legs Marketing SSO","1.0.2","\u003Cp>TWL SSO is a secure single sign-on plugin for WordPress that enables seamless authentication using RS256 JWT tokens from an external SSO application.\u003Cbr \u002F>\nThis plugin provides login security features and is designed to give Twelve Legs Marketing centralized authentication management.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Single Sign In\u003C\u002Fstrong>: Agency employees can log into websites they manage from a central dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Just-in-Time User Provisioning\u003C\u002Fstrong>: Automatic user creation and role assignment\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JWT Validation\u003C\u002Fstrong>: Full RS256 signature verification with JWKS endpoint integration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Key Rotation\u003C\u002Fstrong>: Supports key rotation through the JWKS endpoint\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Management\u003C\u002Fstrong>: Flexible role assignment from JWT claims\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Referrer Validation\u003C\u002Fstrong>: Enhanced security through referrer 
validation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audience Validation\u003C\u002Fstrong>: Ensures tokens are valid for the specific WordPress site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Expiration\u003C\u002Fstrong>: Built-in token expiration and clock skew tolerance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Validation\u003C\u002Fstrong>: Comprehensive email validation with optional allowlist\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Caching\u003C\u002Fstrong>: JWKS caching for improved performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Referrer validation to prevent unauthorized access\u003C\u002Fli>\n\u003Cli>JWT signature verification using public key cryptography\u003C\u002Fli>\n\u003Cli>Issuer validation to ensure tokens come from trusted sources\u003C\u002Fli>\n\u003Cli>Audience validation to prevent token reuse across sites\u003C\u002Fli>\n\u003Cli>Token expiration validation with configurable leeway\u003C\u002Fli>\n\u003Cli>Email format validation and filtering via hook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress installations managed centrally by an agency\u003C\u002Fli>\n\u003Cli>Organizations using Google as an external identity provider\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Ch4>Authentication Flow\u003C\u002Fh4>\n\u003Col>\n\u003Cli>User clicks login link from SSO application sso.twelvelegsmarketing.com\u003C\u002Fli>\n\u003Cli>SSO application redirects to WordPress with JWT token: \u003Ccode>\u002Fwp-login.php?action=twl_sso&token=JWT_TOKEN\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Plugin validates the JWT token signature and claims\u003C\u002Fli>\n\u003Cli>Plugin extracts user information from JWT claims\u003C\u002Fli>\n\u003Cli>Plugin creates or retrieves WordPress user\u003C\u002Fli>\n\u003Cli>Plugin assigns appropriate role based on JWT claims\u003C\u002Fli>\n\u003Cli>User is logged into 
WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>JWT Claims\u003C\u002Fh4>\n\u003Cp>The plugin expects the following JWT claims:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>email\u003C\u002Fcode> or \u003Ccode>sub\u003C\u002Fcode>: User’s email address\u003C\u002Fli>\n\u003Cli>\u003Ccode>iss\u003C\u002Fcode>: Issuer (must match allowed issuers)\u003C\u002Fli>\n\u003Cli>\u003Ccode>aud\u003C\u002Fcode>: Audience (must match WordPress site URL)\u003C\u002Fli>\n\u003Cli>\u003Ccode>exp\u003C\u002Fcode>: Expiration time\u003C\u002Fli>\n\u003Cli>\u003Ccode>nbf\u003C\u002Fcode>: Not before time (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_role\u003C\u002Fcode>: WordPress role to assign (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>name\u003C\u002Fcode>: User’s display name (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>given_name\u003C\u002Fcode>: User’s first name (optional)\u003C\u002Fli>\n\u003Cli>\u003Ccode>family_name\u003C\u002Fcode>: User’s last name (optional)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Configuration\u003C\u002Fh4>\n\u003Cp>The plugin automatically configures itself based on the WordPress environment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Production\u003C\u002Fstrong>: Only allows \u003Ccode>https:\u002F\u002Fsso.twelvelegsmarketing.com\u003C\u002Fcode> as issuer\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Development\u002FStaging\u003C\u002Fstrong>: Also allows \u003Ccode>https:\u002F\u002Flocalhost:8443\u003C\u002Fcode> as issuer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customization\u003C\u002Fh4>\n\u003Cp>You can customize the plugin behavior using WordPress filters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>twl_sso_allow_email\u003C\u002Fcode>: Filter to control which email addresses are allowed\u003C\u002Fli>\n\u003Cli>\u003Ccode>twl_sso_allowed_roles\u003C\u002Fcode>: Filter to control which roles can be assigned\u003C\u002Fli>\n\u003Cli>\u003Ccode>twl_sso_allowed_issuers\u003C\u002Fcode>: Filter to control which issuers 
are allowed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please contact Twelve Legs Marketing at https:\u002F\u002Ftwelvelegsmarketing.com\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect, store, or transmit any personal data. All authentication is handled through secure JWT tokens from your configured SSO provider.\u003C\u002Fp>\n","Single sign-on plugin for WordPress that accepts RS256 JWTs from the TWL SSO application for secure authentication.",202,"2025-10-22T14:34:00.000Z","6.8.5","5.8","8.0",[25,26,27,28,29],"authentication","jwt","login","single-sign-on","sso","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwelve-legs-marketing-sso.1.0.2.zip",null,"2026-04-06T09:54:40.288Z"]