implement an oAuth style login option in WAP

[asirota]

For WAP, we need to support iframes that have member-restricted options (eg ticket types in events only available to members). The current authentication mechanism we have authenticates the user but does NOT create a WildApricot session through oAuth. As a result any non-public iframes are loaded as anonymous without a logged in state. Public widgets that have no member-access restrictions work, but as soon as a WildApricot member session is required the iframes load partially.

As a result, we will provide an alternative "Legacy Login (via oAuth)" option in Plugin Options -the option be a check box that is unchecked by default

• add text to indicate that this approach is necessary for full iframe compatibility

When this option is turned on the following occurs

• when adding a login button to the configured menu add the wa_login shortcode into the menu bar with the default options (these can be changed later by the admin"
• The options are [wa_login login_label="Login" logout_label='Logout' redirect_page="/"]

where the following attributes are optional: login_label - The label appearing on the login button logout_label - The label appearing on the logout button redirect_page - The WordPress to redirect the member to after logging in

• the legacy wa_login shortcode builds a

  with hidden options derived from the plugin settings and adds this form into the Login button

• <div class="wa_login_shortcode">
  <form action="https://<authorized WA account domain name>/sys/login/OAuthLogin" method="get">
  <input type="hidden" name="scope" value="contacts_me">
  <input type="hidden" name="client_id" value="<CLIENTID>">
  <input type="hidden" name="response_type" value="authorization_code">
  <input type="hidden" name="claimed_account_id" value="<WA_ACCOUNT_ID>">
  <input type="hidden" name="state" value="WaWpIntegrationLogin">
  <input type="hidden" name="redirect_uri" value="<the redirect_page configured from [wa_login]>">
  <input type="submit" name="waLoginAction" class="button button-primary" value="<login_label from [wa_login]>" title="<login_label from [wa_login]">></form>
  </div>

• once the successful token is return from the oAuth login, the login button changes into the Logout label form

<div class="wa_login_shortcode">
<form method="get">
<p><logged in DisplayName></p>
<input type="hidden" name="state" value="WaWpIntegrationLogout">
<input type="submit" name="waLoginAction" class="button button-primary" value="<logout_label from [wa_login]>" title="<logout_label from [wa_login]>">
</form>
</div>

After successful login all the userID syncin'g code in the WAP plugin should continue to store user metadata or update any changed metadata to be stored in WordPress as currently.

[asirota]

Here's the legacy plugin https://wordpress.org/plugins/wild-apricot-login/