Auth0 Home Blog Docs

Issues with WordPress integration

#1

Let me start with the explanation that I want my WordPress app to be accessible only to users with login credentials and I want to use the Auth0 dashboard to provision these users.

I have just installed WordPress app at Digital Ocean and then installed the WordPress Login Plugin from https://auth0.com/wordpress. I have created the required application at Auth0 dashboard and finally defined all Auth0 Plugin settings.

At this point, the WordPress app has only the single user (wp-admin) in its database and I want to provision all other users from Auth0 Dashboard.

The question is this: I would like to provide my WordPress app with the Login UI item - and being a lot more experienced with Auth0 than WordPress I am not sure how to ensure that a click on that Login UI item triggers the Auth0 authentication.

My guess would be that I need to install some WordPress “Login plugin”, which might then recognize that I already have Auth0 WordPress plugin installed and created the needed connectivity between my app and the Auth0 PaaS.

Any hints - I am assuming that I am not the first time user of this (very nicely integrated WordPress Auth0 plugin)?

#2

I am not sure what is the average time interval to see some response to a newly posted topic, but I am pretty sure that the perceived complexity of a post would not result with quicker responses :slight_smile:

So, I will rephrase my original post as a sequence of a few simple questions - where I correctly installed the Auth0 Wordpress plugin (https://auth0.com/wordpress).

  1. WordPress typically uses two endpoints for its native authentication - “wp-admin” for the administrator and “wp-login.php” for the rest of the users. When I install the Auth0 plugin, I expected that the “wp-admin” will remain and only the endpoint for the authentication of all users will be handled by Auth0 plugin. Is this the correct analysis?

  2. I have not seen any support for “authorization claims” in the documentation for this plugin (I know how would I do this in my own SPA / Web app). Since both endpoints (“wp-admin” and “wp-login.php”) are handled by Auth0, how do I implement the Auth0 equivalent of admin’s access rights?

  3. I would like to ensure nobody can access my site without authentication. In my current situation, the “Allowed Web Origin” in the form https:my-application.com does not invoke authentication - only https:my-application.com/wp-admin and https:my-application.com/wp-login.php do.

Anyone willing to help me get going? Thanks in advance.