Wordpress IndieAuth Plugin

From IndieWeb
Jump to: navigation, search


The WordPress IndieAuth Plugin is a WordPress plugin that adds IndieAuth support to WordPress.

The original release, written in 2013 by  Matthias Pfefferle, added support for logging into a WordPress site using Indieauth.com. The intention from the beginning was to eventually make WordPress an IndieAuth server as well.

In 2017, after stagnation, the plugin was transferred to the Indieweb repository. David Shanske rewrote the existing functionality as it used unsupported/undocumented features of Indieauth.com and made the plugin usable with any IndieAuth server, not just Indieauth.com. Version 2.0, now released, also implements an IndieAuth endpoint inside the plugin, instead of relying on Indieauth.com.

Terminology

  • web sign-in - logging in to WordPress
  • IndieAuth - using wordpress to log in to other places such as Micropub apps

Use Cases

The below is brainstorming the use cases that this plugin solves or will solve in the future. These should include enough information and steps to be able to test the plugin when making changes.

Web Sign-In

Logging in to a multi-user WordPress site via IndieAuth

Assumptions:

  • A group WordPress blog with this plugin, e.g. https://notiz.blog/
  • An individual with a personal WordPress blog with this plugin, e.g. https://pfefferle.org/
    • Note: this works just as well with a personal site that supports IndieAuth that does not run WordPress
  • There is a user record in notiz.blog with the user's profile URL of https://pfefferle.org/

Plugin Configuration:

  • notiz.blog
    • The IndieWeb plugin is set to a multi-author site
    • The IndieAuth plugin has the "Use IndieAuth login" setting checked
    • The IndieAuth plugin is set to use the built-in IndieAuth endpoint
  • pfefferle.org
    • The IndieWeb plugin is set to a single-author site
    • The IndieAuth plugin is set to use the built-in IndieAuth endpoint

How it Works:

  • When the user views the Wordpress login screen of the group blog, there is an additional web sign-in prompt under the username/password
  • The user enters the URL that is in their profile (their personal site), and the plugin redirects to their personal wordpress site
  • The user sees the login request prompt and clicks "Approve"
  • The user is redirected back to the group blog with an authorization code in the query string
  • The group blog verifies the authorization code with the user's WordPress site, and then starts a session for the user

Logging in to a multi-user WordPress site via RelMeAuth

🚫 This is not currently supported

Assumptions:

  • A group WordPress blog with this plugin, e.g. https://notiz.blog/
  • An individual with a personal WordPress blog, e.g. https://pfefferle.org/
    • The personal blog does not have the IndieAuth plugin installed
    • The personal blog has a rel=me link to Twitter and GitHub on the home page
  • There is a user record in notiz.blog with the user's profile URL of https://pfefferle.org/

Plugin Configuration:

  • notiz.blog
    • The IndieWeb plugin is set to a multi-author site
    • The IndieAuth plugin has the "Use IndieAuth login" setting checked
    • The IndieAuth plugin is set to use the built-in IndieAuth endpoint
  • pfefferle.org
    • No IndieAuth plugin is installed
    • A GitHub and Twitter username are entered in the user's profile
    • The IndieWeb Plugin is installed, which adds rel=me links to the user's GitHub and Twitter profile

How it Works:

  • When the user views the Wordpress login screen of the group blog, there is an additional web sign-in prompt under the username/password
  • The user enters the URL that is in their profile (their personal site)
  • The group blog does not find an IndieAuth server at that URL, but notices the rel=me links
  • The group blog sends the user to indielogin.com to complete the RelMeAuth authentication
  • Upon a successful authentication (via Twitter or GitHub, etc) at indielogin.com, the user is redirected back to the group blog with an authorization code from indielogin.com
  • The group blog verifies the authorization code with indielogin.com and starts a session for the user

IndieAuth

Logging in to the IndieWeb Wiki using your WordPress Site via IndieAuth

(Authentication)


Authorizing a Micropub app to Post to your WordPress

(Authorization)

See also


WordPress
Topics Getting Started on WordPressAdvanced WordPress Set UpPluginsThemesExamplesWordPress with BridgyDevelopmentDataSecurity
Primary Plugins Indieweb PluginWebmentionSemantic LinkbacksMicropubIndieAuthPost KindsSyndication LinksWebSub plugins
POSSE Plugins Social Network Auto PosterJetPack PublicizeBridgy Publish pluginWP CrosspostTumblr CrosspostrMediumDiasposter
PESOS Plugins Keyring Social ImportersDsgnWrks Twitter ImporterDsgnWrks Instagram Importer
Other Plugins Webmention for (Threaded) CommentsIndieWeb Press ThisWordPress uf2OpenIDSimple LocationIndieweb ActionsPressForwardYarns Indie ReaderWhisperFollowblogroll2email
Themes SemPress • (SemPress Child Themes: SemPress Lite, SenPress, and Index) • ZenPressIndependent Publishermf2_sTwenty Sixteen IndieWeb-friendly fork
Assistance Join the #indieweb chatIRC and other chat optionsWordPress FAQWordPress Outreach ClubTroubleshooting TipsWordPress channel
See Also WordPress related wiki pagesWordPress.comAWS Tutorial