Wordpress IndieAuth Plugin

From IndieWeb
Jump to: navigation, search

The WordPress IndieAuth Plugin is a WordPress plugin that adds IndieAuth support to WordPress.

The original release, written in 2013 by  Matthias Pfefferle, added support for logging into a WordPress site using Indieauth.com. The intention from the beginning was to eventually make WordPress an IndieAuth server as well.

In 2017, after stagnation, the plugin was transferred to the Indieweb repository. David Shanske committed to rewriting the existing functionality as it used unsupported/undocumented features of Indieauth.com and to try to make the plugin usable with any IndieAuth server, not just Indieauth.com.

This second release is still in process before being released.

There is a third release hoped for that would add the server functionality directly to the plugin.

Use Cases

The below is brainstorming the use cases that this plugin solves or will solve in the future.

Logging in to a multi-user Wordpress via IndieAuth

✔️ Implemented in the original release


  • The Website field in the User's profile lists a URL that has one or more rel="me" profiles to Twitter, GitHub, etc.
  • The user wants to use another service to log in to Wordpress instead of typing a password. This is usually Rel-Me-Auth.

How it works:

  • When installing the plugin, the admin configures an authentication service to use (defaults to indieauth.com). In the original release, it only supported indieauth.com
  • When viewing the Wordpress login screen, there is an additional web sign-in prompt under the username/password
  • The user enters the URL that is in their profile, and the plugin redirects to the authentication service
  • The plugin verifies the auth code with the service and logs the user in

Note: The does not currently do discovery on the provided URL to find the authorization_endpoint, but there is a PR pending for this. The trust relationship here is that the user has to add the website to their user account for it to allow login.

Using IndieAuth Authorization

❌ Not yet implemented

  • For now, the Micropub plugin handles this.
  • Recent commits have added support verifying tokens from token endpoints, and could take this function over in future as the code functionality is there, but hooks in at a deeper level.
  • Goal of this was to allow access to the WordPress REST API, which is customizable(It is used for the Webmention plugin, for example) using an Indieauth Token.

See also

Topics Getting Started on WordPressAdvanced WordPress Set UpPluginsThemesExamplesWordPress with BridgyDevelopmentDataSecurity
Primary Plugins Indieweb PluginWebmentionSemantic LinkbacksMicropubIndieAuthPost KindsSyndication LinksWebSub plugins
POSSE Plugins Social Network Auto PosterJetPack PublicizeBridgy Publish pluginWP CrosspostTumblr CrosspostrMediumDiasposter
PESOS Plugins Keyring Social ImportersDsgnWrks Twitter ImporterDsgnWrks Instagram Importer
Other Plugins Webmention for (Threaded) CommentsIndieWeb Press ThisWordPress uf2OpenIDSimple LocationIndieweb ActionsPressForwardYarns Indie ReaderWhisperFollowblogroll2email
Themes SemPress • (SemPress Child Themes: SemPress Lite, SenPress, and Index) • ZenPressIndependent Publishermf2_s
Assistance Join the #indieweb chatIRC and other chat optionsWordPress FAQWordPress Outreach ClubTroubleshooting TipsWordPress channel
See Also WordPress related wiki pagesWordPress.comAWS Tutorial