forked from auth0/wordpress
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathreadme.txt
211 lines (125 loc) · 8.52 KB
/
readme.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
=== PLUGIN_NAME ===
Tags: PLUGIN_TAGS
Tested up to: 4.9.4
Requires at least: 3.8
Requires PHP: 5.3
License: MIT
License URI: https://github.com/auth0/wp-auth0/blob/master/LICENSE.md
Stable tag: trunk
Contributors: auth0, glena, rrauch, auth0josh
PLUGIN_DESCRIPTION
== Description ==
This plugin gives WordPress a new Login Widget (powered by [Auth0](https://auth0.com)) that enables:
- Universal authentication
+ +30 Social Providers
+ Enterprise connections (ADFS, Active directory / LDAP, SAML, Office 365, Google Apps and more)
+ Connect your own database
+ Passwordless connections (using SMS, Magic links and Email codes)
- Ultra secure
+ Multifactor authentication
+ Password policies
+ Email validation
+ Mitigate brute force attacks
- Easy access to your users data
+ User stats
+ Profile data
+ Login history and locations
== Installation ==
Please see the Auth0 Docs site for [complete installation and configuration instructions](https://auth0.com/docs/cms/wordpress/installation).
== Screenshots ==
1. The new login page on WordPress
2. The admin to configure the plugin
3. The new plugin quick setup
4. Get info about the supported enterprise connections
5. Set up the Auth0 widgets
6. Your home page with the login widget enabled
== Technical Notes ==
**IMPORTANT**: By using this plugin you are delegating the site authentication to Auth0. That means that you won't be using the WordPress database to authenticate users anymore and the default WP login box won't show anymore. However, we can still associate your existing users by merging them by email. This section explains how.
When you install this plugin you have at least one existing user in the database (the admin user). If the site is already being used, you probably have more than just the admin. We want you to keep those users, of course.
= Migrating Existing Users =
Auth0 allows multiple authentication providers. You can have social providers like Facebook, Twitter, Google+, etc., you can have a database of users/passwords (just like WordPress but hosted in Auth0) or you can use an Enterprise directory like Active Directory, LDAP, Office365, SAML and others. All those authentication providers might give you an email and a flag indicating whether the email was verified or not. We use that email (only if its verified) to associate a previous **existing** user with the one coming from Auth0.
If the email was not verified and there is an account with that email in WordPress, the user will be presented with a page saying that the email was not verified and a link to "Re-send the verification email".
For both scenarios you may configure in the WP admin whether is mandatory that the user has a verified email or not.
= Accessing Profile Information =
WordPress defines a function called `wp_get_current_user` to populate the global variable `current_user` with the logged in WP_User. Similarly we define `get_currentauth0userinfo` that populates `current_user` and `currentauth0_user` with the information of the [Normalized profile](https://docs.auth0.com/user-profile)
= Enabling dual (Auth0 and WordPress) login =
You can enable the standard WordPress login by turning on the "WordPress login enabled" setting (enabled by default). This will make visible a link on the login page to swap between both.
= Using the plugin widget =
You can enable the Auth0 as a WordPress widget in order to show it in the sidebar. The widget inherits the plugin settings and it can be overridden with its own settings.
Also, a new layout setting is enabled in order to be shown as a modal. Enabling the "Show as modal" setting, a button which trigger the modal is generated.
= Using the login widget as a shortcode =
Also, you can use the Auth0 widget as a shortcode in your editor. Just add the following:
[auth0]
It can be customized by adding the following attributes:
* form_title: string
* dict: string, should be a the language or a valid json with the translation (see https://github.com/auth0/lock/wiki/Auth0Lock-customization#dict-stringobject)
* social_big_buttons: boolean
* gravatar: boolean
* username_style: string, "email" or "username"
* icon_url: string (valid url)
* extra_conf: string, valid json
* show_as_modal: boolean
* modal_trigger_name: string, button text
Example:
[auth0 show_as_modal="true" social_big_buttons="true" modal_trigger_name="Login button: This text is configurable!"]
All the details about the parameters on the lock wiki (https://github.com/auth0/lock/wiki/Auth0Lock-customization)
== Frequently Asked Questions ==
= Is this plugin compatible with WooCommerce? =
Yes, this plugin will override the default WooCommerce login forms with the Lock widget.
= What should I do if I end up with two accounts for the same user? =
Under some situations, you may end up with a user with two accounts. WordPress allows you to do merge users. You just delete one of the accounts and then attribute its contents to the user you want to merge with. Go to Users, select the account you want to delete, and in the confirmation dialog select another user to transfer the content.
= Can I customize the Login Widget? =
You can style the login form by adding your css on the "Customize the Login Widget CSS" Auth0 setting and the widget settings
form a.a0-btn-small { background-color: red !important; }
The Login Widget is Open Source. For more information about it: https://github.com/auth0/lock
= Can I access the user profile information? =
The Auth0 plugin transparently handles login information for your WordPress site and the plugins you use, so that it looks like any other login.
= When I install this plugin, will existing users still be able to login? =
Yes. Read more about the requirements for that to happen in the Technical Notes.
= What authentication providers do you support? =
For a complete list look at https://docs.auth0.com/identityproviders
= "This account does not have an email associated..." =
If you get this error, make sure you are requesting the Email attribute from each provider in the Auth0 Dashboard under Connections -> Social (expand each provider). Take into account that not all providers return Email addresses for users (e.g. Twitter). If this happens, you can always add an Email address to any logged in user through the Auth0 Dashboard (or API). See Users -> Edit.
= The form_title setting is ignored when I set up the dict setting =
Internally, the plugin uses the dict setting to change the Auth0 widget title. When you set up the dict field it overrides the form_title one.
To change the form_title in this case, you need to add the following attribute to the dict json:
{
signin:{
title: "The desired form title"
}
}
= How can I set up the settings that are not provided in the settings page? =
We added a new field called "Extra settings" that allows you to add a json object with all the settings you want to configure.
Have in mind that all the "Extra settings" that we allow to set up in the plugin settings page will be overridden.
== Changelog ==
[Complete CHANGELOG.md maintained on Github](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md)
= 3.5.2 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#352-2018-01-26)
= 3.5.1 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#351-2018-01-26)
= 3.5.0 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#350-2018-01-25)
= 3.4.0 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#340-2018-01-08)
= 3.3.2 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#332-2017-10-05)
= 3.2.24 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#3224-2017-08-14)
= 3.2.23 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#3223-2017-07-18)
= 3.2.22 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#3222-2017-06-26)
= 3.2.21 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#3221-2017-06-14)
= 3.2.5 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#325-2016-09-07)
= 3.2.0 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#320-2016-08-16)
= 3.1.4 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#314-2016-07-01)
= 3.1.3 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#313-2016-06-15)
= 3.1.2 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#312-2016-06-13)
= 3.1.1 =
[Details](https://github.com/auth0/wp-auth0/blob/master/CHANGELOG.md#311-2016-06-06)