Hi, just wanted to say thanks for writing this extension. I thought I'd share a couple tidbits for configuring this to use Okta as an identity provider.
I edited the OpenID Connect extension's composer.json to use jumbojett/openid-connect-php 0.9.0 instead of 0.5.0, but as far as I can tell, there weren't any changes between 0.5.0 and 0.9.0 relevant to anything I encountered.
Okta will not honor requests that contain client credentials in the header and post data at the same time, so after authenticating with Okta successfully, the OpenID Connect extension would error out and I'd see a red "Fatal error authenticating user" or similar message. This is an upstream issue with jumbojett/open-id-client-php, and it turns out there's already a pull request for the fix but it hasn't been approved yet. I can't post a link here for some reason, but it's pull request 208 for the project on github - just paste unset($token_params['client_id']);
right below or above the existing unset($token_params['client_secret']);
inside of extensions/OpenIDConnect/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php
You'll know this is your issue if you see errors in your Okta system log; or if you have debug logging enabled in MediaWiki, you'll see this in the log: [OpenID Connect] Jumbojett\OpenIDConnectClientException: Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body.
The other important thing to note about using this extension with Okta is that Okta will not provide any useful claims unless you explicitly request the correct scopes. If you don't specify scopes, the OpenID Connect extension will receive null/empty values for Real Name and Email, so if MediaWiki is already configured to auto-create users, you'll be logged in as "User".
To summarize, once the upstream jumbojett/open-id-client-php issue is resolved (just paste in the single line of code from the above github pull request), your $wgOpenIDConnect_Config in LocalSettings.php should look like this to work with Okta:
$wgOpenIDConnect_Config['hxxxx://foo.okta.com'] = [
'name' => 'Okta',
'clientID' => '(paste from the OIDC app you created in Okta)',
'clientsecret' => '(paste from the OIDC app you created in Okta)',
'scope' => [ 'profile', 'email' ]
];