Login by Auth0

Beskrivning

This plugin replaces standard WordPress login forms with one powered by Auth0 that enables:

  • Universal authentication
    • Over 30 social login providers
    • Enterprise connections (ADFS, Active directory / LDAP, SAML, Office 365, Google Apps and more)
    • Connect your own database
    • Passwordless connections (using email or SMS)
  • Ultra secure
    • Multifactor authentication
    • Password policies
    • Email validation
    • Mitigate brute force attacks

Technical Notes

IMPORTANT: By using this plugin you are delegating the site authentication and profile handling to Auth0. That means that you won’t be using the WordPress database to authenticate users and the default WordPress login forms will be replaced.

Please see our How It Works page for more information on how Auth0 authenticates and manages your users.

Migrating Existing Users

Auth0 allows multiple authentication providers. You can have social providers like Facebook, Twitter, Google+, and more, a database of users and passwords (just like WordPress but hosted in Auth0), or you can use an Enterprise directory like Active Directory, LDAP, Office365, Google Apps, or SAML. All those authentication providers might give you an email and a flag indicating whether the email was verified or not. We use that email (only if its verified) to associate a previous existing user with the one coming from Auth0.

If the email was not verified and there is an account with that email in WordPress, the user will be presented with a page saying that the email was not verified and a link to ”Re-send the verification email.” For either scenario, you can choose whether it is mandatory that the user has a verified email or not in the plugin settings.

Please note: In order for a user to login using Auth0, they will need to sign up via the Auth0 login form (or have an account created for them in Auth0). Once signup is complete, their Auth0 user will be automatically associated with their WordPress user.

Widget

You can enable the Auth0 as a WordPress widget in order to show it in a sidebar. The widget inherits the main plugin settings but can be overridden with its own settings in the widget form. Note: this form will not display for logged-in users.

Shortcode

Also, you can use the Auth0 widget as a shortcode in your editor. Just add the following to use the global settings:

[auth0]

Like widgets, shortcode login forms will use the main plugins settings. It can be customized by adding the following attributes:

  • icon_url – A direct URL to an image used at the top of the login form
  • form_title – Text to appear at top of the login form
  • gravatar – Display the user’s Gravatar; set to 1 for yes
  • redirect_to – A direct URL to use after successful login
  • dict – Valid JSON to override form text (see options here)
  • extra_conf – Valid JSON to override Lock configuration (see options here)
  • show_as_modal – Display a button which triggers the login form in a modal; set to 1 for yes
  • modal_trigger_name – Button text to display when using a modal

Exempel:

[auth0 show_as_modal="1" modal_trigger_name="Login button: This text is configurable!"]

Note: this form will not display for logged-in users.

Installation

This plugin requires a free or paid Auth0 account.

  1. Sign up here.
  2. Follow the installation instructions here.

Vanliga frågor

Can I customize the Auth0 login form?

The Auth0 login form is called Lock and it’s open source on GitHub. You can style the form like any of your site components by enqueuing a stylesheet in your theme. Use the login_enqueue_scripts hook to style the form on wp-login.php, wp_enqueue_scripts to style widgets and shortcodes, or both to affect the form in all locations.

Can I access the user profile information?

The Auth0 plugin transparently handles login information for your WordPress site and the plugins you use, so that it looks like any other login. User profile data changes in WordPress are not currently sent to Auth0 but changes to the Auth0 user account are stored in WordPress user meta (under the key auth0_obj prefixed with $wpdb->prefix).

When I install this plugin, will existing users still be able to login?

Yes, either allowing the WordPress login form to be displayed or by migrating existing users. See the Technical Notes section above.

What authentication providers do you support?

Please see our complete list of supported social and enterprise authentication providers.

How can I use Lock configuration options that are not provided in the settings page?

Use the ”Extra Settings” field on the plugin settings’ Advanced tab to add a JSON object with all additional configurations. For more information on what else can be configured, see the documentation.

Is this plugin compatible with WooCommerce?

Yes, this plugin will override the default WooCommerce login forms with the Auth0 login form.

My question is not covered here … what do I do?

All is not lost!

Recensioner

30 januari, 2018
Now working as expected. Fast, tenacious and good support from Josh C on the plugin, after I'd posted on the forum. My problems *all* stemmed from having a blank WP Site Title. The blank Site Title caused the Auth0 Setup Wizard to end with errors. Manual configuration of Auth0 Client and Connection DB got the plugin to work, but then couldn't login after update of plugin to 3.5.1 I've stuck with the plugin as the benefits are so good, here are some of them: * easier and trustworthy signup and login for users * in Auth0 site able to amend a couple of example rules to have Whitelist of domains and email addresses to restrict who can sign up and login, which is great for testing * advent of GDPR in EU May 2018 means we can meet the data restrictions by ensuring all sensitive (and attributable) user data in Auth0 rather than our site, still checking with the lawyers as to whether this will meet our GDPR obligations * harmonised sign up login across a multi-host solution in GO-lang, NodeJS, WordPress, PHP, YAML API in Swagger and other technologies
18 januari, 2018
The plugin does not work as intended. It worked for a while and I loved it, but I cannot use it anymore as my users cannot sign in. I am forced to look for another solution because there is no support available for the free version.
10 januari, 2018
This plugin doesn't work pending changes to their API. You will keep getting a can't connect error. On their support forum: the underlying cause in this specific case was that the recent deprecation notice for Lock 10 and below when used in embedded login scenarios meant that new tenants don't even have access to those API's. In addition, the WordPress plugin current version is still making use of Lock 10 so the issue will surface in new tenants due to unavailability of legacy API's; there's already ongoing work to update the WordPress plugin to Lock 11 so this will be addressed in the next version of the plugin. *UPDATE* The plugin seems to have been fixed now and it works. *UPDATE 2* The original connection error has been fixed but now the database fails to connect to WordPress so basically you can't authenticate and you can't migrate users. Log says 'Algorithm not allowed'. Wasted about 12 hours on this trying to get it work doing everything recommended on the support forums. Final verdict: too unreliable/amateurish to be safely used on a production account. Extremely unstable development with the breaking updates which are released in a very dis-organised manner with no warning.
16 februari, 2017
Not usable. The plugin can't connect to the auth0 site. Manual connection is incomprehensible.
Läs alla 12 betyg

Bidragsgivare och utvecklare

”Login by Auth0” är programvara med öppen källkod. Följande personer har bidragit till detta tillägg.

Bidragande personer

”Login by Auth0” har översatts till 1 språk. Tack till översättarna för deras bidrag.

Översätt ”Login by Auth0” till ditt språk.

Intresserad av programutveckling?

Läs programkoden, kika på SVN-filförvaret eller prenumerera på utvecklarloggen via RSS.