NewPath-Consulting / Wild-Apricot-Press

The core Wild Apricot Press (WAP) plugin.
https://newpathconsulting.com/wap
GNU General Public License v3.0
3 stars 1 forks source link

implement an oAuth style login option in WAP #144

Open asirota opened 1 year ago

asirota commented 1 year ago

For WAP, we need to support iframes that have member-restricted options (eg ticket types in events only available to members). The current authentication mechanism we have authenticates the user but does NOT create a WildApricot session through oAuth. As a result any non-public iframes are loaded as anonymous without a logged in state. Public widgets that have no member-access restrictions work, but as soon as a WildApricot member session is required the iframes load partially.

As a result, we will provide an alternative "Legacy Login (via oAuth)" option in Plugin Options -the option be a check box that is unchecked by default

When this option is turned on the following occurs

where the following attributes are optional: login_label - The label appearing on the login button logout_label - The label appearing on the logout button redirect_page - The WordPress to redirect the member to after logging in

<div class="wa_login_shortcode">
<form method="get">
<p><logged in DisplayName></p>
<input type="hidden" name="state" value="WaWpIntegrationLogout">
<input type="submit" name="waLoginAction" class="button button-primary" value="<logout_label from [wa_login]>" title="<logout_label from [wa_login]>">
</form>
</div>

After successful login all the userID syncin'g code in the WAP plugin should continue to store user metadata or update any changed metadata to be stored in WordPress as currently.

asirota commented 1 year ago

Here's the legacy plugin https://wordpress.org/plugins/wild-apricot-login/