How to synchronise Wordpress users with Auth0

Hello,
We have Wordpress and Angular sites using the same Auth0 instance. Some of the users sign up on Angular site and never go to Wordpress. Now we’d like to synchronise Wordpress with Auth0. In Wordpress we have subscription management engine and without user loging in to Wordpress, we are not able to manage their subscriptions. Is there a way to trigger synchronisation or do I need to create a user via Wordpress API everytime someone signs up to Auth0?

Hey there!

Really good question! Maybe one of our PHP+Wordpress experts @evansims will be able to share the best approach here. Thank you both!

Currently it looks like Wordpress REST API is the only option. So now the question comes what is the information that we need to sent via API so Auth0 plugin in Wordpress can recognise the user properly when he logs in.
Is it enough to provide user email so when he would try to log in to Wordpress, Auth0 would identify and match the inserted profile with the one stored on Auth0 servers?

What about users who use Facebook to authenticate and who revoke consent for email on the consent screen? - We see records in our Wordpress wp_users table with user_email set to “change_this_email@6358679291918.com” and we can’t find those users in Auth0 dashboard. So we suspect they are mentioned Facebook users but how the user is then matched?

Hi there! Apologies for the delay, been away on vacation.

Let me begin by saying we currently have two versions of our WordPress plugin — v4 in the WordPress marketplace, and v5.

v5 is not available on the WordPress marketplace quite yet, but will be in the near future. We’ll be listing it seperately from the current v4 release to avoid any surprise upgrades for users. In the vast majority of cases moving from v4 to v5 is trivial, but for those with custom integrations it isn’t a straightforward upgrade, as the plugins handle things quite differently and may expose APIs differently.

I’m sure you’re working with the v4 marketplace plugin, though, which is absolutely fine. We’ll be supporting 4 and 5 concurrently for the forseeable future. However, for the sake of future readers that stumble across this the thread, I’ll try to address these questions from the perspectives of both versions.

Is there a way to trigger synchronisation or do I need to create a user via Wordpress API everytime someone signs up to Auth0?

v4 — it is not possible to synchronise this automatically I’m afraid; you’d need to create an API call, as you mentioned.

v5 — Yes, these would be automatically synchronized if:

  • Background sychronisation is turned on. It will automatically create a matching WordPress user the next time the background task runs.
  • The match-by-email option is turned on. If a user logs in and a matching WordPress user isn’t already present, one is automatically created at login time using their Auth0 user details.

So now the question comes what is the information that we need to sent via API so Auth0 plugin in Wordpress can recognise the user properly when he logs in.

Matching is performed using a user’s user_id (or sub property, if you are reviewing their tokens). You can see a user’s ID by opening your users page (https://manage.auth0.com/#/users), clicking a user, and noting the user_id displayed.

Both plugin versions store this user_id in the local WordPress database.

What about users who use Facebook to authenticate and who revoke consent for email on the consent screen? - We see records in our Wordpress wp_users table with user_email set to “change_this_email@6358679291918.com” and we can’t find those users in Auth0 dashboard. So we suspect they are mentioned Facebook users but how the user is then matched?

As you correctly identified, if an email is not provided or otherwise available to the plugin during user creation, a mock email is used instead.

You’ll need to ensure your Angular app (the one registering the user on Auth0’s side) supplies your WordPress API with the user_id during user registration so the match can be established.

Hi @evansims ,
Somehow I missed your reply earlier. Thanks for the detailed explanation. We’re looking forward to the v4 version.

In the meantime we’ve implemented API calls from our backend to Wordpress.
Short description so maybe someone we’ll benefit from that.
It takes 3 api calls to create a user properly. First we call custom endpoint to search by auth0_id, if not found we send POST request to standard wordpress api to create a user with a very basic information

POST wp-json/wp/v2/users/
{"username":"jane","password":"secret","email":"jane@example.com"}

and the last one is call to the same endpoint but we have user id at hand from the previous call

POST /wp-json/wp/v2/users/1857
{"meta":{"wp_auth0_id":"auth0|64b67f4c6bc8c30754e7dab4"}}

cheers