wordpress
WordPress Plugin for Auth0 Authentication
MIT License
Bot releases are hidden (Show)
wordpress
- 3.7.3
Published by joshcanhelp almost 5 years ago
wordpress
- 3.11.1
Published by joshcanhelp about 5 years ago
Fixed
- Check state in specific global based on callback type #708 (joshcanhelp)
- Fix widget gravatar and language settings #706 (joshcanhelp)
- Change CDN URL field type #704 (joshcanhelp)
- Fix sensitive field handling; add Basic settings tab validations #703 (joshcanhelp)
- Fix embed widget documentation and validation #702 (joshcanhelp)
- Add new Auth0 IPs; do not save duplicate or whitelisted IPs #700 (joshcanhelp)
- Improve setup wizard documentation #699 (joshcanhelp)
- Fix post passwords getting redirected #698 (joshcanhelp)
wordpress
- 3.11.0
Published by joshcanhelp over 5 years ago
Notes on this release
- Lock was updated from 11.15 to 11.16. The option to display social connections in small styled buttons is no longer available due to branding compliance reasons with third party identity providers. All the social connections will now be displayed as large styled buttons.
- New installs using user migration will now have a namespaced user ID returned to Auth0 on first login. If you have or plan on having multiple custom databases, please see the User Migration documentation for more information. New installs will also use configuration variables instead of hard-coded values for the URL, migration token, and user namespace.
- The WordPress core login override has been refactored to improve the user experience and overall security.
- Added more complete ID token validation during login.
- Sites using VIP Go are now able to use MFA.
- Fixed a bug that prevented sites using user migration from changing the WordPress user's email.
Closed issues
- WordPress.com VIP Go MFA incompatibility #687
Added
- Add auth0_lock_options filter #691 (joshcanhelp)
- Spanish translations for new UI text #685 (joshcanhelp)
Changed
- Fix migration namespace and callback #694 (joshcanhelp)
- Change JWT leeway filter name and add tests #692 (joshcanhelp)
- Translate plugin links and remove error log #682 (joshcanhelp)
- Remove small social icons #680 (joshcanhelp)
- Edit login.css #679 (frooeyzanny)
- Refactor Auth Code login and add tests #678 (joshcanhelp)
Deprecated
- Deprecate WP_Auth0_Options::can_show_wp_login_form() #690 (joshcanhelp)
- Deprecate WP_Auth0_Api_Client methods #684 (joshcanhelp)
- Deprecate Render Big Social Buttons method #683 (joshcanhelp)
Fixed
- Fix VIP Go MFA screen #689 (joshcanhelp)
- Namespace user IDs and use DB configuration for new user migration installs #681 (joshcanhelp)
- Use existing migration token during setup #676 (joshcanhelp)
- Fix Auth0 logout redirect #675 (joshcanhelp)
- Check for email update in migration-ws-get-user endpoint #674 (joshcanhelp)
Security
- Improve WordPress core login override for security and UX #686 (joshcanhelp)
- Add issuer and audience ID token validation #677 (joshcanhelp)
wordpress
- 3.10.0
Published by joshcanhelp over 5 years ago
Closed issues
- Sign in with OTP MFA doesn't work unless "Remember this browser" is enabled #667
- WP_Auth0_Routes::migration_ws_login, 401 Invalid Credentials #633
- OpenSSL error in WP_Auth0_Api_Client_Credentials::call #631
- 1Password Compatibility #627
- User Migration set as PHP constant causes token to not be generated #620
Added
- Add wp_auth0_get_option function to get option values #665 (joshcanhelp)
- Update translations #663 (joshcanhelp)
- Add new options for WordPress Login Enabled #642 (joshcanhelp)
- Add ability to generate a new migration token #640 (joshcanhelp)
- add auto-redirect if it is set for woocommerce pages too #630 (mostekcm)
Changed
- Combine all Lock-related settings on an Embedded tab #668 (joshcanhelp)
- Change API scopes needed in the Setup Wizard #650 (joshcanhelp)
- Set OIDC conformant for new installs #649 (joshcanhelp)
- Do not store the API token on install #639 (joshcanhelp)
- Change ULP setting to be on by default #638 (joshcanhelp)
- Update Lock, Auth0.js; add setting to use default #635 (joshcanhelp)
- Remove CSS and JS fields for new installs and ones an without existing value #634 (joshcanhelp)
- Do not update Auth0 Application when SSO is turned on #625 (joshcanhelp)
Deprecated
- Deprecate WP_Auth0_Options_Generic class #669 (joshcanhelp)
- Deprecations for render_sso method #662 (joshcanhelp)
- Deprecations for init functions calling add_action or add_filter #661 (joshcanhelp)
- Deprecations for API token handling #660 (joshcanhelp)
- Deprecate methods that control field rendering and validation #659 (joshcanhelp)
- Deprecate WP_Auth0_Profile_Delete_Mfa and WP_Auth0_Api_Delete_User_Mfa #658 (joshcanhelp)
- Deprecate WP_Auth0_Api_Client methods #657 (joshcanhelp)
- Deprecate WP_Auth0_Api_Operations methods #656 (joshcanhelp)
- Deprecate WP_Auth0_LoginManager methods #655 (joshcanhelp)
- Deprecate WP_Auth0_Lock10_Options class #654 (joshcanhelp)
- Deprecate WP_Auth0_RulesLib class #653 (joshcanhelp)
- Deprecate WP_Auth0_UsersRepo methods #652 (joshcanhelp)
- Remove automatic client grant creation #637 (joshcanhelp)
- Deprecate WP JWT Auth plugin configuration #636 (joshcanhelp)
Removed
- Remove auto-logout; deprecation notice for SSO setting #651 (joshcanhelp)
- Remove Delete MFA control on user profile; add link to user in dashboard #644 (joshcanhelp)
- Remove auth0_app_token setting #641 (joshcanhelp)
- Remove password policy admin setting #629 (joshcanhelp)
- Replace Rules-based settings with prompt to the dashboard [SDK-474] #624 (joshcanhelp)
Fixed
- Redirect to logout of Auth0 on callback error #666 (joshcanhelp)
- Fix all translate-able text issues #648 (joshcanhelp)
- Better Management API token handling #632 (joshcanhelp)
- clarify that custom sign up fields should be an array #626 (ShayMe21)
wordpress
- 3.9.0
Published by joshcanhelp almost 6 years ago
Notes on this release
- Added a complete Spanish translation!
- Email changes for WordPress users now work properly and are rejected clearly if Auth0 rejects the change. This does not affect the email verification process in WordPress; the email is changed only after the verification happens. A current API token is not required but your Application does need to allow for a Client Credentials grant with the Management API (this configured for you by default, more information here).
- Sibling sub-domains are now allowed for the Login Redirect URL. Anything within the same domain name as the site URL can now be saved.
- Default Auth0 IP addresses are now allowed by default on the user migration endpoints. Adding or changing the IP addresses for the "Migration IPs Whitelist" field will not affect default IPs.
- User migration endpoints were improved to provide better errors when requests are rejected and more clear custom database scripts that can be used as an example when setting up the migration manually. Switching this setting on or off does not make any changes in the Auth0 dashboard or to the existing token, it only makes the endpoints available or not.
- The Social Amplificator functionality has been removed.
Added
- Update Translations #615 (joshcanhelp)
- Allow subdomains in redirect and refactor validation tests #601 (joshcanhelp)
- Whitelist Auth0 IPs by default and show in wp-admin #596 (joshcanhelp)
- Fix migration login route output and add tests #595 (joshcanhelp)
- Added filter to allow for changing the output of die_on_login #593 (coperator)
- Spanish translation by Carlos Longarela #526 (CarlosLongarela)
Changed
- Refactor migration route handling and add tests #606 (joshcanhelp)
- Remove unnecessary callback; add notice if plugin is already setup #604 (joshcanhelp)
- Refactor migration token validation and match entire token on endpoints #602 (joshcanhelp)
- Update translations #599 (joshcanhelp)
- Refactor and tests for user migration get user route #598 (joshcanhelp)
- Move custom DB scripts to separate files #592 (joshcanhelp)
Deprecated
- Deprecations for ip_range setting #618 (joshcanhelp)
- Deprecate Social Amplificator classes + methods #612 (joshcanhelp)
Removed
- Remove unused IP range setting #616 (joshcanhelp)
- Remove Social Amplificator functionality #607 (joshcanhelp)
Fixed
- Fix Migration Token Generation; Add JSON Content-Type header #617 (joshcanhelp)
- Fix escaped passwords sent to Auth0 #611 (joshcanhelp)
- Fix notice when settings constant is defined too late #600 (joshcanhelp)
- Fix email update on Auth0 #594 (joshcanhelp)
Closed issues
- Invalid State error 100% of the time #597
- Update docs #591
- Correct dimensions for custom login icon #586
- Basic settings edit box doesn't show values from AUTH0_ENV_* constants #569
- Better documentation of User Migration endpoints with manual setup #542
- Keep getting logged out once SSO is turned on #541
wordpress
- 3.8.1
Published by joshcanhelp almost 6 years ago
Closed issues
- Javascript: Use readonly instead of disabled on email field #587
Changed
- Change logged-in user redirect to login_init hook #584 (joshcanhelp)
Fixed
- Switch email field property to readonly #588 (joshcanhelp)
- Add WooCommerce password change action. #585 (joshcanhelp)
- Fix Connection update over-writing Connection settings. #582 (joshcanhelp)
wordpress
- 3.8.0
Published by joshcanhelp almost 6 years ago
Notes on this release
- Administrators can now mark certain strategies as able to skip email verification. This is typically used for Enterprise strategies that do not provide an email verification flag. This should be used sparingly and only for connections that do not provide this flag.
- Password changes for WordPress users now work properly and are rejected clearly if Auth0 rejects the change (typically because the password does not conform to the password policy). A current API token is not required but your Application does need to allow for a Client Credentials grant with the Management API (this configured for you by default, more information here).
- The
wp-login.phppage is no longer used for any callback processing. If you are using this page to process callbacks in a custom plugin or theme, please update to use the main callback URL for the implicit flow/index.php?auth0=implicit. In addition, users that are already logged in will be redirected to the default login page when accessingwp-login.php. - Error logging has been improved in general, along with improvements to the error log display. Consecutive, duplicate errors are now combined, the error log now shows more entries, and entries can be cleared from the admin.
- The "Auto-Login" setting has been renamed to "Universal Login Page" and moved from the Advanced tab to the Features tab. The functionality is the same as before and will retain the existing setting.
Issues and PRs
Closed issues
- Plugin tries to create a user if they log in a different way #539
- Problems with implicit login in > 3.6 #536
- Add authorization token to header for external request #534
- Configuring auth0 OIDC URL parameters #521
- Single sign on shows the login username/password fields briefly before automatically signing in #508
- Better behavior when logged-in users visits wp-login.php #414
- Profile password update changes #375
- auth0 forgot password doesn't change WP password #310
- Woocommerce can't change user password #300
Added
- Update translation file #561 (joshcanhelp)
- Add Management API framework #537 (joshcanhelp)
- Update README, CONTRIBUTION, LICENSE, and Issue+PR templates #533 (joshcanhelp)
- Add filters for authorize URL and params, logout URL + tests #531 (joshcanhelp)
- Improve error log #530 (joshcanhelp)
- Add skip strategies setting and tests #528 (joshcanhelp)
Changed
- Update telemetry header #577 (joshcanhelp)
- Update JWT library #576 (joshcanhelp)
- Change deprecation error handling #574 (joshcanhelp)
- Fix tests to run in same process #565 (joshcanhelp)
- Rename the Auto Login setting to ULP; move to features tab #551 (joshcanhelp)
- Switch implicit flow to hybrid flow and correct Management API scopes #546 (joshcanhelp)
- Update README and version number for dev->master merge #543 (joshcanhelp)
Deprecated
- Deprecate unused rules JS #560 (joshcanhelp)
- Deprecate WP_Auth0_Email_Verification::ajax_resend_email #559 (joshcanhelp)
- Deprecate a0_render_message method #558 (joshcanhelp)
- Deprecate unused login methods and props #557 (joshcanhelp)
- Deprecate WP_Auth0_Options connection methods #556 (joshcanhelp)
- Deprecate WP_Auth0_Referer_Check #555 (joshcanhelp)
- Deprecate WP_Auth0_Metrics #554 (joshcanhelp)
- Deprecate WP_Auth0_InitialSetup_Signup, remove usage #553 (joshcanhelp)
- Deprecate methods in WP_Auth0_Api_Operations and related ones in WP_Auth0 #552 (joshcanhelp)
- Deprecate unused methods and classes for initial setup #550 (joshcanhelp)
- Deprecate unused methods in WP_Auth0_Api_Client #549 (joshcanhelp)
- Deprecations for WP_Auth0_EditProfile #548 (joshcanhelp)
- Deprecations for WP_Auth0_EditProfile #547 (joshcanhelp)
Fixed
- Fix label font-weight and migration token display #579 (joshcanhelp)
- Fix user profile saving #573 (joshcanhelp)
- Update phpcs script and dependent libs #572 (joshcanhelp)
- Move SSO checking into Lock init #570 (joshcanhelp)
- Fix migration token display to allow copying #540 (joshcanhelp)
- Change and improve user profile #532 (joshcanhelp)
wordpress
- 3.7.1
Published by joshcanhelp about 6 years ago
Closed issues
- "search_engine=v2 is not available for your tenant because it is deprecated" error #562
Fixed
- 3.7.1 patch release to fix user search engine in rules #563 (joshcanhelp)
wordpress
- 3.7.0
Published by joshcanhelp about 6 years ago
Closed issues
- Optionally load client ID, secret and domain from environment #480
- Allow login redirect URL to point to an in-network domain for multi-site #459
Added
- Add new IP addresses and tests for WP_Auth0_Ip_Check #513 (joshcanhelp)
- Add constant settings support #509 (joshcanhelp)
- Add translation ability #507 (joshcanhelp)
- Add more info to Contributing section, including tests #506 (joshcanhelp)
- Add custom domain support with tests; add compat test to Circle CI #505 (joshcanhelp)
- Add testing suite, initial tests, and CircleCI #503 (joshcanhelp)
- Add code quality tools and contrib instructions #498 (joshcanhelp)
Changed
- Update new Application creation URLs #514 (joshcanhelp)
- Add support for subdomains and different scheme URLs for redirect #512 (joshcanhelp)
- Update wordpress.org readme #500 (joshcanhelp)
Removed
- Remove account cleanup tool #510 (joshcanhelp)
- Remove connection settings #502 (joshcanhelp)
- Remove signup disabling #501 (joshcanhelp)
Fixed
- Fix login processing if already logged in #518 (joshcanhelp)
- Fix PHP notice for Amplificator widget #511 (joshcanhelp)
- Fix whitespace #499 (joshcanhelp)
wordpress
- 3.6.2
Published by joshcanhelp over 6 years ago
Closed issues
-
auth0_statecookie and Pantheon #494 - Question: Way to visit directly to Sign Up tab? #489
- Custom Fields #487
- TypeError: jQuery(...).tab is not a function #484
- Error - auth0 cannot find node with id "auth0-login-form" #483
Added
- Add a filter for nonce and state cookie names #495 (joshcanhelp)
- Add error handling for JWT decode #492 (joshcanhelp)
- Show signup tab if action=register on wp-login.php page #490 (joshcanhelp)
Fixed
- Fix missing signup fields #491 (joshcanhelp)
- Fix import-export tabs not working #486 (joshcanhelp)
wordpress
- 3.6.1
Published by joshcanhelp over 6 years ago
Closed issues
Fixed
- Fix SLO callback URL #479 (joshcanhelp)
- Fix Customizer failing after upgrade; fix widget settings #477 (joshcanhelp)
wordpress
- 3.6.0
Published by joshcanhelp over 6 years ago
3.6.0 (2018-06-05)
NOTES
- Passwordless was reconfigured completely to use the combined Lock library (currently hard-coded to 11.5). All current settings will be migrated to the new configuration so your login process should not change. Lock initiation has also been refactored to improve maintainability and adhere to WordPress standards.
- The Setup Wizard has been adjusted to more clearly explain the process and options available. This only affects new installations using the Setup Wizard for configuration.
- The settings page has been rearranged and improved overall. New settings descriptions have also been added along with links to documentation, where appropriate.
- State validation was added to both login flows; nonce validation was added to sites using Implicit flow.
- OIDC compliant Applications should now function as expected (though this setting is not yet activated by default on installation). OpenID Connect login is now possible by turning off the Client Credentials grant for your WordPress Application.
- Dashboard widgets have been removed. This can easily be added back as a plugin, if needed. Please contact support if you need assistance with this.
- A number of new hooks have been added, please see our docs page on extension for a complete inventory with examples. This includes the ability to support refresh tokens.
- Federated logout has been removed.
Closed issues
- Expose a configurable toggle that allows Users to state if federated logout should be used #471
- Updating to 3.5.2 - Fatal error: Uncaught Error: Cannot use object of type stdClass as array in /app/wp-content/plugins/auth0/lib/WP_Auth0_DBManager.php on line 225 #464
- Autoloader performance issue #461
- Bad request does not raise error #432
- Widget URL changes don't save when you are using passwordless #430
- Deprecate
oauth/roendpoint #410 - Handling errors #403
- Fallback /api/v2/users/{id} to /userinfo #401
- CORS errors #400
- Provide Resend verification email only for DB connections #345
- SSO disabled, Single Logout enabled causes users to get logged out automatically a few seconds after logging in #336
- French translation : html characters #309
- "Invalid authorization code": Access token is requested twice in a row, breaking the login flow #305
- Make state work after SSO login #302
- Is there a way to use Refresh Tokens and Wordpress? #296
- Only decode the payload before user profile fetch in login manager #283
- redirect callback errors #280
- Linked Users won't be able to login using implicit flow and pipeline 2 #272
- Normalize use of shortcode and widget #260
- Wrong z-index on modal error message in manual setup #252
- Logout does not work when Wordpress is locked down (private site) #39
Added
- Adding refresh token support; adjusting default scope #456 (joshcanhelp)
- Add code quality tools, improved composer.json #454 (joshcanhelp)
- Add /userinfo fallback during login #423 (joshcanhelp)
- State handling during login process for both types #406 (joshcanhelp)
Changed
- Change token exchange redirect URL to match what was sent for auth code #463 (joshcanhelp)
- Hide the signup tab if registrations are turned off #460 (joshcanhelp)
- New class for state handling; set cookie for implicit nonce #458 (joshcanhelp)
- Change auto-login action #449 (joshcanhelp)
- Require telemetry for API calls #441 (joshcanhelp)
- Change Appearance tab settings output #439 (joshcanhelp)
- Change Feature settings output #436 (joshcanhelp)
- Change Basic settings field display; better admin UX #433 (joshcanhelp)
- Change how Advanced admin settings fields are output #429 (joshcanhelp)
- Setting titles and option names #427 (joshcanhelp)
- Clean up admin notices #421 (joshcanhelp)
- Change asset enqueuing #419 (joshcanhelp)
- Improve WP_Auth0_Options #418 (joshcanhelp)
Deprecated
- Deprecate 2 lookup methods #446 (joshcanhelp)
- Deprecating wp-admin settings-related methods + classes #445 (joshcanhelp)
- Deprecating unused Lock Options classes and methods #444 (joshcanhelp)
- Deprecating admin_enqueue functions #443 (joshcanhelp)
- Deprecate oauth/ro endpoint #413 (joshcanhelp)
Removed
- Remove wp-admin click tracking #451 (joshcanhelp)
- Remove dashboard widgets #428 (joshcanhelp)
- Remove and migrate Passwordless setting #425 (joshcanhelp)
- Remove api_audience settings field #422 (joshcanhelp)
- Removing dashboard widgets #397 (joshcanhelp)
Fixed
- Correcting input field height on settings pages for IE #472 (joshcanhelp)
- Save sub or user_id if not provided; remove extemporaneous ID token attributes #469 (joshcanhelp)
- Improve Setup Wizard #468 (joshcanhelp)
- Fix install and DB update errors #467 (joshcanhelp)
- Fix SLO redirect, SLO on when SSO off, SSO setting not pushed to dashboard #466 (joshcanhelp)
- Fixed auto-loader to skip non-WP-Auth0 classes #465 (joshcanhelp)
- Fix empty path notice on initial setup #457 (joshcanhelp)
- Fix logout process #453 (joshcanhelp)
- Fix help tab text and settings tab UX #452 (joshcanhelp)
- Only show email verification resend for DB connections #447 (joshcanhelp)
- Fix Passwordless handling; update Lock instantiation #434 (joshcanhelp)
- Fix Implicit login handling #426 (joshcanhelp)
- Admin settings refactor - WP_Auth0_Admin_Generic #416 (joshcanhelp)
- Fix Login Process Error Handling #409 (joshcanhelp)
wordpress
- 3.5.2
Published by joshcanhelp over 6 years ago
Please see Important Note on 3.5.0
Closed issues
- [Security] [URGENT] XSS injection error page #381
- Non-static method WP_Auth0_Api_Client::convertCertToPem() should not be called statically #380
- Notices in /lib/admin/WP_Auth0_Admin_Advanced.php #374
- SSO login failing when not using implicit flow #363
- "Override WordPress avatars" option doesn't appear to work with comments #355
- Change log is missing from readme.txt, the separate changelog file is not updated #346
- Uninstall doesn't remove all Auth0 database plugin entries #322
- Unable to save migration IPs whitelist #320
- 3.2.16 throws errors if Error Log is empty #285
- Login plugin form name incorrect #269
Changed
- Readme updates #392 (joshcanhelp)
- Changed error handling #384 (joshcanhelp)
Fixed
- Changing boolval() and array shorthand to PHP 5.3-compatable #402 (joshcanhelp)
- Fixed SSO auto-login in Lock #394 (joshcanhelp)
- Renaming un-deprecated function #393 (joshcanhelp)
- Cleanup PR for 3.5.2 #391 (joshcanhelp)
- Improved setup wizard client create process #389 (joshcanhelp)
- Deleting all added options and transients on uninstall #387 (joshcanhelp)
- Fixed wrong title and icon for login widget #385 (joshcanhelp)
- XSS in error query vars #383 (joshcanhelp)
- Fixed migration IPs being saved #382 (joshcanhelp)
- Fixed get_avatar hooked function to account for other user identifiers #376 (joshcanhelp)
wordpress
- 3.5.1
Published by cocojoe over 6 years ago
wordpress
- 3.5.0
Published by cocojoe over 6 years ago
Important Note
This is a major update that requires changes to your Auth0 Dashboard to be completed. You can save a new API token in your Basic settings in wp-admin before upgrading and the changes will be made automatically during the update. Otherwise, please review your Client Settings, specifically Advanced > Grant Types, and authorize your Client for the Management API.
Changed
- updating CDN URLs for Lock and Auth.js #365 (joshcanhelp)
- Changing home_url() to site_url(), wp_login_url(), and wp_logout_url() #360 (joshcanhelp)
Fixed
- Changing algorithm for migration tokens #372 (joshcanhelp)
- Migration tokens only use HS256 #371 (joshcanhelp)
- Fixed automatic setup process for public sites #370 (joshcanhelp)
- Added use Management API for user data #368 (joshcanhelp)
- Fixing DB version upgrade #367 (joshcanhelp)
- Creating client_grant for management API #366 (joshcanhelp)
- Fixed login flow for new tenants, refactored verification email resend #364 (joshcanhelp)
- Fixed shortcode warning #362 (joshcanhelp)
- Fixing "Algorithm not allowed" error during user migration #361 (joshcanhelp)
- When activating using wp-cli the plugin should not redirect #344 (AubreyHewes)
wordpress
- 3.4.0
Published by cocojoe over 6 years ago
Added
- Added Lock 11 / Auth0 9.0, Updated SSO, JWT Algorithm Upgrade Fixes #350 (cocojoe)
- Add RS256 support #331 (renrizzolo)
Fixed
- Switching wizard admin user creation to use /dbconnections/signup #356 (joshcanhelp)
wordpress
- 3.3.2
Published by cocojoe about 7 years ago
Added
- Added translation support for a few user-facing exception messages #312 (idpaterson)
Changed
- Use literal 'wp-auth0' rather than WPA0_LANG constant #311 (idpaterson)
Package Rankings
Top 18.1% on Packagist.org
Badges
Extracted from project README's
