WordPress Plugin for Auth0 Authentication

🚀 Getting Started - 💬 Feedback

Getting Started

Requirements

• PHP 8.0+
• Most recent version of WordPress
• WordPress configured with database privileges allowing database table creation

Please review our support policy to learn when language and framework versions will exit support in the future.

Installation

Composer

Add the dependency to your application with Composer:

composer require auth0/wordpress

Then,

1. Log in to your WordPress site as an administrator.
2. Go to Plugins menu.
3. Look for "Login by Auth0" in the list.
4. Click Install Now, and then Activate.

WordPress.org

1. Log in to your WordPress site as an administrator.
2. Go to Plugins menu, then click 'Add New.'
3. Search for "Login by Auth0".
4. Click Install Now, and then Activate.

Configure Auth0

Create a Regular Web Application in the Auth0 Dashboard. Verify that the "Token Endpoint Authentication Method" is set to POST.

Next, configure the callback and logout URLs for your application under the "Application URIs" section of the "Settings" page:

• Allowed Callback URLs: The URL of your application where Auth0 will redirect to during authentication, e.g., http://localhost:3000/callback.
• Allowed Logout URLs: The URL of your application where Auth0 will redirect to after the user logout, e.g., http://localhost:3000/login.

Note the Domain, Client ID, and Client Secret. These values will be used later.

Configure the SDK

Upon activating the Auth0 WordPress plugin, you will find a new "Auth0" section on the left-hand side of your administrative dashboard. This section enables you to configure the plugin.

At a minimum, you will need to configure the Domain, Client ID, and Client Secret sections for the plugin to function.

We recommend testing on a staging/development site using a separate Auth0 Application before putting the plugin live on your production site. Be sure to enable the plugin from the Auth0's plugins admin settings page for authentication with Auth0 to function.

Plugin Database Tables

For performance reasons, V5 of the WordPress plugin has adopted its own database tables. This means the WordPress database credentials you have configured must have appropriate privileges to create new tables.

Cron Configuration

It's essential to configure your WordPress site's built-in background task system, WP-Cron. This is the mechanism that V5 of the WordPress plugin keeps WordPress and Auth0 in sync.

Support Policy

• Our PHP version support window mirrors the PHP release support schedule. Our support for PHP versions ends when they stop receiving security fixes.
• As Automattic's stated policy is "security patches are backported when possible, but this is not guaranteed", we only support the latest release marked as "actively support" by Automattic.

Deprecations of EOL'd language, or framework versions are not considered a breaking change. Legacy applications will stop receiving updates from us but will continue to function on those unsupported SDK versions. Please ensure your PHP and WordPress environments always remain up to date.

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

• Auth0's general contribution guidelines
• Auth0's code of conduct guidelines

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.

OPEN ISSUES

RELEASES