{"id":118476,"date":"2020-03-21T01:45:46","date_gmt":"2020-03-21T01:45:46","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/xlogin\/"},"modified":"2021-06-05T00:45:31","modified_gmt":"2021-06-05T00:45:31","slug":"xlogin","status":"publish","type":"plugin","link":"https:\/\/test.wordpress.org\/plugins\/xlogin\/","author":17487596,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.1.2","stable_tag":"1.1.3","tested":"5.7.15","requires":"5.3","requires_php":"7.0","requires_plugins":"","header_name":"XLogin","header_author":"Patrick Lai","header_description":"Login using external auth mechanisms.","assets_banners_color":"","last_updated":"2021-06-05 00:45:31","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"","rating":0,"author_block_rating":0,"active_installs":0,"downloads":1836,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0":{"tag":"1.0","author":"scoop082110","date":"2020-03-22 19:43:18"},"1.1":{"tag":"1.1","author":"scoop082110","date":"2020-05-24 07:33:01"},"1.1.1":{"tag":"1.1.1","author":"scoop082110","date":"2020-05-25 03:32:51"},"1.1.2":{"tag":"1.1.2","author":"scoop082110","date":"2020-10-06 05:20:49"},"1.1.3":{"tag":"1.1.3","author":"scoop082110","date":"2021-06-05 00:45:31"}},"upgrade_notice":{"":"<p>None yet.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":2266781,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":2266781,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0","1.1","1.1.1","1.1.2","1.1.3"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":2264831,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":2264831,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":2310981,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":2310981,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":2264831,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":2264831,"resolution":"6","location":"assets","locale":""}},"screenshots":{"1":"WordPress login page with buttons for external logins.","2":"Display name of user imported from external service, e.g. Facebook.","3":"XLogin settings page.","4":"Configuration of OAuth2 based external service, e.g. Google.\nNote the redirect URI that should be added to the OAuth2 client\nconfiguration in the external service.","5":"Add or update an external alias.","6":"Upload CSV file of external aliases."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[157,150,602,2061,2664],"plugin_category":[38,56],"plugin_contributors":[183261],"plugin_business_model":[],"class_list":["post-118476","plugin","type-plugin","status-publish","hentry","plugin_tags-facebook","plugin_tags-google","plugin_tags-login","plugin_tags-oauth","plugin_tags-yahoo","plugin_category-authentication","plugin_category-social-and-sharing","plugin_contributors-scoop082110","plugin_committers-scoop082110"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/xlogin\/assets\/icon-128x128.png?rev=2266781","icon_2x":"https:\/\/ps.w.org\/xlogin\/assets\/icon-256x256.png?rev=2266781","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/xlogin\/assets\/screenshot-1.png?rev=2264831","caption":"WordPress login page with buttons for external logins."},{"src":"https:\/\/ps.w.org\/xlogin\/assets\/screenshot-2.png?rev=2264831","caption":"Display name of user imported from external service, e.g. Facebook."},{"src":"https:\/\/ps.w.org\/xlogin\/assets\/screenshot-3.png?rev=2310981","caption":"XLogin settings page."},{"src":"https:\/\/ps.w.org\/xlogin\/assets\/screenshot-4.png?rev=2310981","caption":"Configuration of OAuth2 based external service, e.g. Google.\nNote the redirect URI that should be added to the OAuth2 client\nconfiguration in the external service."},{"src":"https:\/\/ps.w.org\/xlogin\/assets\/screenshot-5.png?rev=2264831","caption":"Add or update an external alias."},{"src":"https:\/\/ps.w.org\/xlogin\/assets\/screenshot-6.png?rev=2264831","caption":"Upload CSV file of external aliases."}],"raw_content":"<!--section=description-->\n<p>XLogin enhances the WordPress login page (usually wp-login.php) to\nallow users to authenticate with the following external services:<\/p>\n\n<ul>\n<li>Facebook Login<\/li>\n<li>Google Sign-In<\/li>\n<li>Yahoo! OAuth<\/li>\n<\/ul>\n\n<p>These services can be enabled or disabled individually. XLogin adds a\nbutton to the WordPress login page for each enabled service. Clicking\nthe button sends the browser to the corresponding external service\nwhere the user can authorize the WordPress site to access their\ninformation. Having been granted access to, for example, the Facebook\npublic profile of a user, XLogin retrieves their email address to\nfind a matching WordPress user to complete the login process.<\/p>\n\n<p>XLogin also maintains a list of external aliases. They are additional\nemail addresses for mapping to WordPress users. Some scenarios where\nexternal aliases can be handy include:<\/p>\n\n<ol>\n<li><p>A user's email address in his WordPress profile is not used in any\nof the external services. For example, a corporate WordPress site\nmay mandate the use of company email addresses in user\nprofiles. If a user has for example his Gmail address in the\nexternal alias list, they can still nevertheless sign in Google.<\/p><\/li>\n<li><p>A WordPress user account is shared by a group of actual\nusers. With XLogin it is not necessary to have the users share a\nsingle password. Instead just register their email addresses (as\nknown by the external services) as external aliases; it becomes a\nsimple matter to add and remove user.<\/p><\/li>\n<\/ol>\n\n<p>XLogin has the option to restrict an external service to only users with\nexternal aliases. This allows tight control on who can use external\nservices to login.<\/p>\n\n<p>A user's profile in WordPress and in the external service may be\ndifferent.  Email address is one, and display name (or its component\nfamily and given names) is another. XLogin offers the option to import\nthe external profile information into the current session. The imported\ndisplay name will be tagged with the external service name. For\nexample, if a user has display name 'John Doe' in WordPress, but is\nknown as 'Johnny D' in his Facebook account, then he would be\ndisplayed as 'Johnny D (Facebook)' (instead of 'John Doe') in his\nWordPress session when he logs in with Facebook.<\/p>\n\n<p>Finally XLogin has the notion of 'guest' user. When an email address\nprovided by an external service does not correspond to a specific\nWordPress user, XLogin will proceed with a guest WordPress user\nconfigured for the service. There are plugins that control access to\ncontent based on user roles; a site can combine such with XLogin to\ncontrol what is visible to guests. Note that guest WordPress users\nshould have minimal privileges. XLogin has safeguards to ensure, for\nexample, that a guest cannot edit posts. It also filters out guest's\npermission to access the dashboard or to update their own profile.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin files to the '...\/wp-content\/plugins\/xlogin'\ndirectory, or install the plugin through the 'Plugin's screen in\nWordPress.<\/li>\n<li>Activate the plugin.<\/li>\n<li>Configure external services for login on the Settings-&gt;XLogin page.\n\n<ul>\n<li>Enter configuration data for the external service. For an\nOAuth2 based service, that means client ID and client\nsecret. Note that the redirect URI for OAuth2 is displayed here.<\/li>\n<li>Set per-service options:\n\n<ul>\n<li>Restrict to users with external aliases.<\/li>\n<li>Import profile information (email address and name) from\nexternal service into session.<\/li>\n<\/ul><\/li>\n<li>Enable external services.<\/li>\n<\/ul><\/li>\n<li>Maintain external aliases on the Settings-&gt;XLogin page.\n\n<ul>\n<li>Aliases may be added\/updated\/deleted one at a time.<\/li>\n<li>Filters may be applied to the list of aliases displayed.<\/li>\n<li>Multiple aliases may be uploaded in a CSV file. Each line in the\nfile contains an email address and a WordPress user name,\nseparated by comma.<\/li>\n<\/ul><\/li>\n<\/ol>\n\n<p>If WordPress permalinks are 'plain', one may need to configure the\nweb server to route callbacks from external service to WordPress\nindex.php script. For Apache that would mean rewrite rules in\n.htaccess like theses:\n    <code>RewriteEngine On\n  RewriteRule wp-content\/plugins\/xlogin\/callback\/ index.php [L]<\/code><\/p>\n\n<!--section=faq-->\n<dl>\n<dt id='does%20this%20work%20with%20wordpress%20version%20x%3F'><h3>Does this work with WordPress version X?<\/h3><\/dt>\n<dd><p>This plugin was originally developed with WordPress 5.3. It has been\ntested to various extent up to 5.7.<\/p><\/dd>\n<dt id='does%20this%20work%20with%20php%205.x%3F'><h3>Does this work with PHP 5.x?<\/h3><\/dt>\n<dd><p>No. This plugin uses various PHP 7.x features. Backporting to PHP 5.x\nshould not be difficult however.<\/p><\/dd>\n<dt id='how%20do%20i%20obtain%20client%20id%20and%20secret%20to%20configure%20an%20oauth2%20based%20external%20service%28%20e.g.%20facebook%29%3F'><h3>How do I obtain client ID and secret to configure an OAuth2 based external service( e.g. Facebook)?<\/h3><\/dt>\n<dd><p>Here are some pointers:<\/p>\n\n<ul>\n<li><p>Google. A project must first be set up. OAuth2 clients are\nmanaged on the <a href=\"https:\/\/console.developers.google.com\/apis\/credentials\">API credentials<\/a> page. Use an existing or\ncreate a new OAuth client, of 'web application' type.<\/p><\/li>\n<li><p>Facebook. An 'app' must first be set up. Use the 'App ID' and\n'App Secret' from the its basic settings page for client ID and\nsecret respectively. Add Facebook Login to the product list of the\napp, and configures the redirect URI there.<\/p><\/li>\n<li><p>Yahoo. A Yahoo app corresponds to an OAuth2 client. Make sure\nyour app has email and profile permissions for OpenID Connect.<\/p><\/li>\n<\/ul><\/dd>\n<dt id='a%20user%20tries%20to%20login%20with%20google%2C%20but%20gets%20sent%20back%20to%20the%20wordpress%20login%20page%20with%20a%20%22google%20user%20not%20recognized%22%20error.%20what%20does%20this%20mean%3F'><h3>A user tries to login with Google, but gets sent back to the WordPress login page with a \"Google user not recognized\" error. What does this mean?<\/h3><\/dt>\n<dd><p>XLogin uses the email address provided by Google (or whatever external\nservice) to map to a WordPress user. Check the following:<\/p>\n\n<ul>\n<li><p>Is the email address registered as an external alias in XLogin?<\/p><\/li>\n<li><p>Does email address belong to a WordPress user profile? If so,\nmake sure the external service is not configured as 'restricted'.<\/p><\/li>\n<\/ul><\/dd>\n<dt id='the%20%22%2Axyz%2A%20user%20not%20recognized%22%20error%20is%20confusing.%20can%20the%20login%20page%20show%20only%20external%20login%20buttons%20that%20are%20applicable%20to%20the%20user%3F'><h3>The \"*XYZ* user not recognized\" error is confusing. Can the login page show only external login buttons that are applicable to the user?<\/h3><\/dt>\n<dd><p>Generally XLogin may not know anything about the user until the end of\nauthentication\/authorization with the external service, so it would be\na challenge.<\/p><\/dd>\n<dt id='how%20does%20xlogin%20override%20the%20email%20and%20display%20name%20of%20a%20user%3F'><h3>How does XLogin override the email and display name of a user?<\/h3><\/dt>\n<dd><p>This is rather technical, but is important for ongoing maintenance of\nthe plugin. This answer is intended for PHP developers working with\nWordPress.<\/p>\n\n<p>WordPress keeps track of the user of the current request in various PHP\nglobal variables. XLogin installs a callback for the <code>set_current_user<\/code>\naction to inject profile information from external service into them.\nThe action name and the global data structures may be specific to\nWordPress versions; the file <code>init.php<\/code> and the PHP method\n    XLogin::importXUser() are expected to be modified to support more\nWordPress versions.<\/p><\/dd>\n<dt id='can%20xlogin%20be%20used%20for%20new%20user%20registration%3F'><h3>Can XLogin be used for new user registration?<\/h3><\/dt>\n<dd><p>This is not supported currently.<\/p><\/dd>\n<dt id='can%20xlogin%20support%20other%20external%20services%3F'><h3>Can XLogin support other external services?<\/h3><\/dt>\n<dd><p>XLogin uses the <a href=\"https:\/\/oauth2-client.thephpleague.com\/\">OAuth 2 Client<\/a> from The League of\nExtraordinary Packages. It should be straightforward to add an\nadditional OAuth2 based login service as long as a compatible\n<em>provider<\/em> is available. See the <a href=\"https:\/\/oauth2-client.thephpleague.com\/providers\/league\/\">list of providers<\/a>.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.1.2<\/h4>\n\n<ul>\n<li>Facebook Graph API version may be specified in customization settings.<\/li>\n<li>Admin page built with Vue.js components that are bundled by webpack.js.<\/li>\n<li>Miscellaneous bug fixes.<\/li>\n<\/ul>\n\n<h4>1.1.1<\/h4>\n\n<ul>\n<li>Miscellaneous bug fixes.<\/li>\n<\/ul>\n\n<h4>1.1<\/h4>\n\n<ul>\n<li>Custom message to display with external login buttons.<\/li>\n<li>Guest user for unmatched email address.<\/li>\n<\/ul>\n\n<h4>1.0<\/h4>\n\n<ul>\n<li>First version published.<\/li>\n<\/ul>","raw_excerpt":"Login to WordPress with external services like Facebook, Google, and Yahoo.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/118476","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=118476"}],"author":[{"embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/scoop082110"}],"wp:attachment":[{"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=118476"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=118476"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=118476"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=118476"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=118476"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/test.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=118476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}