Enable "strict mode" for Redirect URI
Usage If checked, WPO365 will only process any OpenID Connect (OIDC) payload when it is "received" at Redirect URI specified on the plugin's Single Sign-on configuration page. "Strict mode" will only be enforced if the Redirect URI is not equal to the website's home address. The Redirect URI must be set to the URL for a specific page e.g. https://your-website/oidc-auth/. WPO365 will not create this page for you but expects you to create a dedicated page instead.
Please note If this setting is not checked, WPO365 will process any OIDC payload it detects at any URL. If you configured more than one OIDC based Identity Provider or if you have another service that sends a payload similar to the OIDC one (e.g. with properties such as state, error, token and code) then this may proof problematic and you should enable "strict mode".
Path WP Admin > WPO365 > Single Sign-on
Visit the website https://www.wpo365.com/