[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbarIByeCFZN9WUmK28Zh2vAhQKlgfoE6a-hakE6HOjo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":63,"crawl_stats":38,"alternatives":68,"analysis":177,"fingerprints":346},"oauth-client-for-user-authentication","OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO )","3.1.1","mysteve06","https:\u002F\u002Fprofiles.wordpress.org\u002Fmysteve06\u002F","\u003Cp>WordPress OAuth client SSO ( OAuth 2.0 & OpenID SSO ) plugin allows login ( Single Sign On ) with your OAuth Servers like  AWS Cognito, Amazon, Azure AD, Azure B2C, Clever, Discord, Google, Google Apps, GitHub, GitLab, Invision Community, Keycloak, LinkedIn, Office 365, Okta, OpenAM, PayPal, Ping Identity, Salesforce, WSO2 Identity Server, Zendesk or other custom OAuth 2.0 \u002F OpenID Connect providers. It works with any OAuth Provider that complies with OAuth 2.0 Server and OpenID Connect (OIDC) 1.0 standards. With WP OAuth Client, no third-party is required. 
This plugin has everything you require.\u003C\u002Fp>\n\u003Ch4>OAuth Client 2.0 \u002F OpenID Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Attribute Mapping\u003C\u002Fli>\n\u003Cli>Role Mapping\u003C\u002Fli>\n\u003Cli>Connectivity Test user validation by entering the credentials in the plugin using OAuth Client.\u003C\u002Fli>\n\u003Cli>Redirect to specific URL after Auto-Login \u002F Register\u003C\u002Fli>\n\u003Cli>Redirect based on URL\u003C\u002Fli>\n\u003Cli>Allow only specific IP addresses to Login \u002F Register based\u003C\u002Fli>\n\u003Cli>Allow only domains to Register based\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported list of OAuth Grant types ( Coming Soon )\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Authorization Code grant (currently supported)\u003C\u002Fli>\n\u003Cli>OpenID Connect ( currently supported )\u003C\u002Fli>\n\u003Cli>Implicit grant\u003C\u002Fli>\n\u003Cli>User Credentials\u003C\u002Fli>\n\u003Cli>Client Credentials\u003C\u002Fli>\n\u003Cli>Refresh Token\u003C\u002Fli>\n\u003Cli>OpenID Discovery\u003C\u002Fli>\n\u003Cli>Public Clients \u003C\u002Fli>\n\u003Cli>Public Client Proof of Key Exchange ( PKCE )\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported list of popular OAuth Servers\u003C\u002Fh3>\n\u003Ch3>Our WordPress OAuth client Single Sign On ( WordPress SSO ) plugin supports any third-party \u002F OAuth OpenID providers. 
Some OAuth providers are listed below.\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>OAuth SSO Login with Azure AD\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with AWS Cognito\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Amazon\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Azure AD\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Azure B2C\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Clever\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Discord\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Google\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Google Apps\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with GitHub\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with GitLab\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Invision Community\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Keycloak\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with LinkedIn\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Office 365\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Okta\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with OpenAM\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with PayPal\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Ping Identity\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Salesforce\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Slack\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with WSO2 Identity Server\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with WHMC\u003C\u002Fli>\n\u003Cli>OAuth SSO Login with Zendesk \u003C\u002Fli>\n\u003Cli>OAuth SSO Login with custom OAuth 2.0 \u002F OpenID Connect providers\u003C\u002Fli>\n\u003Cli>It works with any OAuth Provider that complies with OAuth 2.0 Server and OpenID Connect ( OIDC )\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>To assist with the setup, our team is only an email away from you. 
Please drop us an email at mysteve06@gmail.com so that one member of our team can reach you in no time to set up the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>About OAuth and SSO\u003C\u002Fh3>\n\u003Ch4>What is Single Sign-On ?\u003C\u002Fh4>\n\u003Cp>Single sign-on (SSO) is a form of authentication that allows users to use just one set of credentials to safely authenticate several applications and websites. OAuth and OpenID Connect are token-based Single Sign-On (SSO) protocols that allow third-party applications to access an end user’s account information without revealing the password.\u003C\u002Fp>\n\u003Ch4>What is OAuth ?\u003C\u002Fh4>\n\u003Cp>OAuth is an open-standard authorization protocol or mechanism that provides the “secure designated access” ability for applications. For example, without having to give example.com your OAuth Server password, you can tell your OAuth Server that it’s OK for example.com to access the site(Using role mapping, you can limit access to content based on roles).\u003C\u002Fp>\n\u003Ch4>What is OAuth Client?\u003C\u002Fh4>\n\u003Cp>Application requesting access to a protected resource on behalf of the Resource Owner.\u003C\u002Fp>\n\u003Ch4>What is OAuth Server?\u003C\u002Fh4>\n\u003Cp>OAuth Server provides the user information without sharing the credentials.\u003C\u002Fp>\n\u003Ch4>What is OAuth Scope?\u003C\u002Fh4>\n\u003Cp>Scope is a feature in OAuth 2.0 to restrict the access of an application to a user’s account. One or more scopes may be requested by an applicant, this information is then provided in the consent screen to the user, and the access token given to the application will be restricted to the scopes granted.\u003C\u002Fp>\n\u003Ch4>Can you set this up for me on my current website?\u003C\u002Fh4>\n\u003Cp>\u003Cem>Yes\u003C\u002Fem>, without a doubt. 
If you ever want assistance, please do not hesitate to contact us at mysteve06@gmail.com.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress since 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP >= 7.2\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Frequently Asked Questions ( FAQ’s )\u003C\u002Fh3>\n\u003Cp>For support or troubleshooting help please email us at mysteve06@gmail.com.\u003C\u002Fp>\n","WordPress OAuth client SSO ( OAuth 2.0 & OpenID SSO ) plugin allows login ( Single Sign On ) with your OAuth Servers like  AWS Cognito, Amazon, Az &hellip;",200,16003,82,8,"2023-02-21T15:40:00.000Z","6.1.10","5.0","7.2",[20,21,22,23,24],"authentication","oauth","oauth-client","oauth-server","oauth2-0","https:\u002F\u002Fwww.securiseweb.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Foauth-client-for-user-authentication.zip",83,2,0,"2022-08-23 00:00:00","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2022-3119","oauth-client-single-sign-on-for-wordpress-oauth-sso-missing-authorization","OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) \u003C= 3.0.3 - Missing Authorization","The OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_oauthclient_config() function that is hooked via 'init' in versions up to, and including, 3.0.3. 
This makes it possible for unauthenticated attackers to modify the plugin's oAuth settings which could lead to unauthorized and high privileged access to a vulnerable site.",null,"\u003C=3.0.3","3.0.4","high",7.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L","Missing Authorization","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb028a70d-f103-4232-b854-17b88d4dc7d9?source=api-prod",518,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":45,"references":60,"days_to_patch":62},"WF-517653e5-fdad-4360-82a5-32b16a6cd631-oauth-client-for-user-authentication","oauth-client-single-sign-on-for-wordpress-oauth-sso-cross-site-scripting","OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) \u003C= 3.0.1 - Cross-Site Scripting","The OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) plugin for WordPress is vulnerable to Cross-Site Scripting via the $key variable in versions up to, and including 3.0.1.","\u003C=3.0.1","3.0.2",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-05-03 
00:00:00",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F517653e5-fdad-4360-82a5-32b16a6cd631?source=api-prod",630,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":64,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":65,"trust_score":66,"computed_at":67},1,574,67,"2026-04-04T11:09:32.542Z",[69,93,115,135,154],{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":90,"download_link":91,"security_score":92,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"jwt-authentication-for-wp-rest-api","JWT Authentication for WP REST API","1.5.0","tmeister","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmeister\u002F","\u003Cp>This plugin seamlessly extends the WP REST API, enabling robust and secure authentication using JSON Web Tokens (JWT). 
It provides a straightforward way to authenticate users via the REST API, returning a standard JWT upon successful login.\u003C\u002Fp>\n\u003Ch3>Key features of this free version include:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Standard JWT Authentication:\u003C\u002Fstrong> Implements the industry-standard \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519\" rel=\"nofollow ugc\">RFC 7519\u003C\u002Fa> for secure claims representation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Endpoints:\u003C\u002Fstrong> Offers clear \u003Ccode>\u002Ftoken\u003C\u002Fcode> and \u003Ccode>\u002Ftoken\u002Fvalidate\u003C\u002Fcode> endpoints for generating and validating tokens.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Secret Key:\u003C\u002Fstrong> Define your unique secret key via \u003Ccode>wp-config.php\u003C\u002Fcode> for secure token signing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optional CORS Support:\u003C\u002Fstrong> Easily enable Cross-Origin Resource Sharing support via a \u003Ccode>wp-config.php\u003C\u002Fcode> constant.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks:\u003C\u002Fstrong> Provides filters (\u003Ccode>jwt_auth_expire\u003C\u002Fcode>, \u003Ccode>jwt_auth_token_before_sign\u003C\u002Fcode>, etc.) 
for customizing token behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.\u003C\u002Fp>\n\u003Cp>For users requiring more advanced capabilities such as multiple signing algorithms (RS256, ES256), token refresh\u002Frevocation, UI-based configuration, or priority support, consider checking out \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_link_soft\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support and Requests:\u003C\u002Fstrong> Please use \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\" rel=\"nofollow ugc\">GitHub Issues\u003C\u002Fa>. For priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=description_support_link\" rel=\"nofollow ugc\">PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>REQUIREMENTS\u003C\u002Fh3>\n\u003Ch4>WP REST API V2\u003C\u002Fh4>\n\u003Cp>This plugin was conceived to extend the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API V2\u003C\u002Fa> plugin features and, of course, was built on top of it.\u003C\u002Fp>\n\u003Cp>So, to use the \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> you need to install and activate \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWP-API\u002FWP-API\" rel=\"nofollow ugc\">WP REST API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>PHP\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Minimum PHP version: 7.4.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>PHP HTTP Authorization Header Enable\u003C\u002Fh3>\n\u003Cp>Most shared hosting providers have disabled the \u003Cstrong>HTTP Authorization Header\u003C\u002Fstrong> by 
default.\u003C\u002Fp>\n\u003Cp>To enable this option you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>WPENGINE\u003C\u002Fh4>\n\u003Cp>For WPEngine hosting, you’ll need to edit your \u003Cstrong>.htaccess\u003C\u002Fstrong> file by adding the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See https:\u002F\u002Fgithub.com\u002FTmeister\u002Fwp-api-jwt-auth\u002Fissues\u002F1 for more details.\u003C\u002Fp>\n\u003Ch3>CONFIGURATION\u003C\u002Fh3>\n\u003Ch3>Configure the Secret Key\u003C\u002Fh3>\n\u003Cp>The JWT needs a \u003Cstrong>secret key\u003C\u002Fstrong> to sign the token. This \u003Cstrong>secret key\u003C\u002Fstrong> must be unique and never revealed.\u003C\u002Fp>\n\u003Cp>To add the \u003Cstrong>secret key\u003C\u002Fstrong>, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_SECRET_KEY\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You can generate a secure key from: https:\u002F\u002Fapi.wordpress.org\u002Fsecret-key\u002F1.1\u002Fsalt\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for easier configuration?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=config_secret_key_link\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to manage all settings through a simple admin UI.\u003C\u002Fp>\n\u003Ch3>Configure CORS Support\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin has the option to activate \u003Ca 
href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FCross-origin_resource_sharing\" rel=\"nofollow ugc\">CORS\u003C\u002Fa> support.\u003C\u002Fp>\n\u003Cp>To enable CORS Support, edit your wp-config.php file and add a new constant called \u003Cstrong>JWT_AUTH_CORS_ENABLE\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('JWT_AUTH_CORS_ENABLE', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Finally, activate the plugin within your wp-admin.\u003C\u002Fp>\n\u003Ch3>Namespace and Endpoints\u003C\u002Fh3>\n\u003Cp>When the plugin is activated, a new namespace is added:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fjwt-auth\u002Fv1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Also, two new endpoints are added to this namespace:\u003C\u002Fp>\n\u003Cp>Endpoint | HTTP Verb\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fem> | POST\u003Cbr \u002F>\n\u003Cem>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fem> | POST\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Need more functionality?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=endpoints_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> includes additional endpoints for token refresh and revocation.\u003C\u002Fp>\n\u003Ch3>USAGE\u003C\u002Fh3>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u003C\u002Fh4>\n\u003Cp>This is the entry point for JWT Authentication.\u003C\u002Fp>\n\u003Cp>It validates the user credentials, \u003Cem>username\u003C\u002Fem> and \u003Cem>password\u003C\u002Fem>, and returns a token to use in future requests to the API if the authentication is correct, or an error if authentication fails.\u003C\u002Fp>\n\u003Cp>Sample Request Using AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(function() {\n  var app = angular.module('jwtAuth', []);\n\n  app.controller('MainController', function($scope, $http) 
{\n    var apiHost = 'http:\u002F\u002Fyourdomain.com\u002Fwp-json';\n\n    $http.post(apiHost + '\u002Fjwt-auth\u002Fv1\u002Ftoken', {\n      username: 'admin',\n      password: 'password'\n    })\n    .then(function(response) {\n      console.log(response.data)\n    })\n    .catch(function(error) {\n      console.error('Error', error.data[0]);\n    });\n  });\n})();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Success Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9qd3QuZGV2IiwiaWF0IjoxNDM4NTcxMDUwLCJuYmYiOjE0Mzg1NzEwNTAsImV4cCI6MTQzOTE3NTg1MCwiZGF0YSI6eyJ1c2VyIjp7ImlkIjoiMSJ9fX0.YNe6AyWW4B7ZwfFE5wJ0O6qQ8QFcYizimDmBy6hCH_8\",\n  \"user_display_name\": \"admin\",\n  \"user_email\": \"admin@localhost.dev\",\n  \"user_nicename\": \"admin\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Error Response From The Server\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_failed\",\n  \"data\": {\n    \"status\": 403\n  },\n  \"message\": \"Invalid Credentials.\"\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once you get the token, you must store it somewhere in your application, e.g., in a \u003Cstrong>cookie\u003C\u002Fstrong> or using \u003Cstrong>localStorage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From this point, you should pass this token with every API call.\u003C\u002Fp>\n\u003Cp>Sample Call Using The Authorization Header With AngularJS\u003C\u002Fp>\n\u003Cpre>\u003Ccode>app.config(function($httpProvider) {\n  $httpProvider.interceptors.push(['$q', '$location', '$cookies', function($q, $location, $cookies) {\n    return {\n      'request': function(config) {\n        config.headers = config.headers || {};\n        \u002F\u002F Assume that you store the token in a cookie\n        var globals = $cookies.getObject('globals') || {};\n        \u002F\u002F If the cookie has the CurrentUser and the token\n        \u002F\u002F add the Authorization header in each 
request\n        if (globals.currentUser && globals.currentUser.token) {\n          config.headers.Authorization = 'Bearer ' + globals.currentUser.token;\n        }\n        return config;\n      }\n    };\n  }]);\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin will intercept every call to the server and will look for the Authorization Header. If the Authorization header is present, it will try to decode the token and will set the user according to the data stored in it.\u003C\u002Fp>\n\u003Cp>If the token is valid, the API call flow will continue as normal.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Sample Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>POST \u002Fresource HTTP\u002F1.1\nHost: server.example.com\nAuthorization: Bearer mF_s9.B5f-4.1JqM\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>ERRORS\u003C\u002Fh3>\n\u003Cp>If the token is invalid, an error will be returned. Here are some sample errors:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invalid Credentials\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_failed\",\n    \"message\": \"Invalid Credentials.\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Invalid Signature\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Signature verification failed\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Expired Token\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[\n  {\n    \"code\": \"jwt_auth_invalid_token\",\n    \"message\": \"Expired token\",\n    \"data\": {\n      \"status\": 403\n    }\n  }\n]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Need advanced error tracking?\u003C\u002Fstrong> \u003Ca 
href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=errors_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> offers enhanced error tracking and monitoring capabilities.\u003C\u002Fp>\n\u003Ch4>\u002Fwp-json\u002Fjwt-auth\u002Fv1\u002Ftoken\u002Fvalidate\u003C\u002Fh4>\n\u003Cp>This is a simple helper endpoint to validate a token. You only need to make a POST request with the Authorization header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Valid Token Response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n  \"code\": \"jwt_auth_valid_token\",\n  \"data\": {\n    \"status\": 200\n  }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>AVAILABLE HOOKS\u003C\u002Fh3>\n\u003Cp>The \u003Cstrong>wp-api-jwt-auth\u003C\u002Fstrong> plugin is developer-friendly and provides five filters to override the default settings.\u003C\u002Fp>\n\u003Ch4>jwt_auth_cors_allow_headers\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_cors_allow_headers\u003C\u002Fstrong> filter allows you to modify the available headers when CORS support is enabled.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'Access-Control-Allow-Headers, Content-Type, Authorization'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_not_before\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_not_before\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.5\" rel=\"nofollow ugc\">\u003Cstrong>nbf\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Creation time - time()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_expire\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_expire\u003C\u002Fstrong> filter allows you to change the \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519#section-4.1.4\" 
rel=\"nofollow ugc\">\u003Cstrong>exp\u003C\u002Fstrong>\u003C\u002Fa> value before the token is created.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>time() + (DAY_IN_SECONDS * 7)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_token_before_sign\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_sign\u003C\u002Fstrong> filter allows you to modify all token data before it is encoded and signed.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = array(\n    'iss' => get_bloginfo('url'),\n    'iat' => $issuedAt,\n    'nbf' => $notBefore,\n    'exp' => $expire,\n    'data' => array(\n        'user' => array(\n            'id' => $user->data->ID,\n        )\n    )\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Want easier customization?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=hook_payload_pro_note\" rel=\"nofollow ugc\">JWT Authentication PRO\u003C\u002Fa> allows you to add custom claims directly through the admin UI.\u003C\u002Fp>\n\u003Ch4>jwt_auth_token_before_dispatch\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_token_before_dispatch\u003C\u002Fstrong> filter allows you to modify the response array before it is sent to the client.\u003C\u002Fp>\n\u003Cp>Default Value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$data = array(\n    'token' => $token,\n    'user_email' => $user->data->user_email,\n    'user_nicename' => $user->data->user_nicename,\n    'user_display_name' => $user->data->display_name,\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>jwt_auth_algorithm\u003C\u002Fh4>\n\u003Cp>The \u003Cstrong>jwt_auth_algorithm\u003C\u002Fstrong> filter allows you to modify the signing algorithm.\u003C\u002Fp>\n\u003Cp>Default value:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = JWT::encode(\n    apply_filters('jwt_auth_token_before_sign', $token, $user),\n    
$secret_key,\n    apply_filters('jwt_auth_algorithm', 'HS256')\n);\n\n\u002F\u002F ...\n\n$token = JWT::decode(\n    $token,\n    new Key($secret_key, apply_filters('jwt_auth_algorithm', 'HS256'))\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>JWT Authentication PRO\u003C\u002Fh3>\n\u003Cp>Elevate your WordPress security and integration capabilities with \u003Cstrong>JWT Authentication PRO\u003C\u002Fstrong>. Building upon the solid foundation of the free version, the PRO version offers advanced features, enhanced security options, and a streamlined user experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration UI:\u003C\u002Fstrong> Manage all settings directly from the WordPress admin area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Endpoint:\u003C\u002Fstrong> Allow users to refresh expired tokens seamlessly without requiring re-login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation Endpoint:\u003C\u002Fstrong> Immediately invalidate specific tokens for enhanced security control.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Token Payload:\u003C\u002Fstrong> Add custom claims to your JWT payload to suit your specific application needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular CORS Control:\u003C\u002Fstrong> Define allowed origins and headers with more precision directly in the settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Protect your endpoints from abuse with configurable rate limits.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit Logs:\u003C\u002Fstrong> Keep track of token generation, validation, and errors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support:\u003C\u002Fstrong> Get faster, dedicated support directly from the developer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fjwtauth.pro\u002F?utm_source=wp_plugin_readme&utm_medium=link&utm_campaign=pro_promotion&utm_content=pro_section_cta\" rel=\"nofollow ugc\">Upgrade to JWT 
Authentication PRO Today!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Free vs. PRO Comparison\u003C\u002Fh3>\n\u003Cp>Here’s a quick look at the key differences:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Basic JWT Authentication:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Validation:\u003C\u002Fstrong> Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Refresh Mechanism:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Revocation:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Management Dashboard:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics & Monitoring:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Geo-IP Identification:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Documentation:\u003C\u002Fstrong> Basic (Free), Comprehensive (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Tools:\u003C\u002Fstrong> Not Included (Free), Included (PRO)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support:\u003C\u002Fstrong> Community via GitHub (Free), Priority Direct Support (PRO)\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the WP REST API using JSON Web Tokens Authentication as an authentication 
method.",60000,893830,88,53,"2026-02-18T00:58:00.000Z","6.9.4","4.2","7.4.0",[86,87,21,88,89],"json-web-authentication","jwt","rest-api","wp-api","https:\u002F\u002Fenriquechavez.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjwt-authentication-for-wp-rest-api.1.5.0.zip",100,{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":18,"tags":108,"homepage":112,"download_link":113,"security_score":92,"vuln_count":64,"unpatched_count":29,"last_vuln_date":114,"fetched_at":31},"google-apps-login","Login for Google Apps","3.5.2","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>Login for Google Apps allows existing WordPress user accounts to log in to your website using Google to securely authenticate their account. This means that if they are already logged into Gmail – they can simply click their way through the WordPress login screen – no username or password is explicitly required!\u003C\u002Fp>\n\u003Cp>Login for Google Apps uses \u003Cstrong>secure oAuth2 authentication recommended by Google\u003C\u002Fstrong>, including 2-factor authentication (2FA) if enabled for your Google Workspace (formerly known as Google Apps and G Suite) accounts.\u003C\u002Fp>\n\u003Cp>This is far simpler to configure than the older SAML protocol.\u003C\u002Fp>\n\u003Cp>Login for Google Apps is trusted by thousands of organizations from schools to large public companies. 
Login for Google Apps for WordPress is the most popular enterprise grade plugin enabling login and user management based on your Google Workspace domain.\u003C\u002Fp>\n\u003Cp>Its plugin setup requires you to have admin access to any Google Workspace domain, or a regular Gmail account, to register and obtain two simple codes from Google.\u003C\u002Fp>\n\u003Ch4>Support and Premium features\u003C\u002Fh4>\n\u003Cp>Full support and premium features are also available for purchase:\u003C\u002Fp>\n\u003Cp>Eliminate the need for Google Workspace (previously called “Google Apps and G Suite”) domain admins to separately manage WordPress user accounts, and get peace of mind that only authorized employees have access to your organization’s websites and intranet.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>See \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20Top&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">our website at wp-glogin.com\u003C\u002Fa> for more details.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Premium version allows everyone in your Google Workspace (Google Apps \u002F G Suite) domain to log in to WordPress – an account will be automatically created in WordPress if one doesn’t already exist.\u003C\u002Fp>\n\u003Cp>Our Enterprise version goes further, allowing you to specify granular access and role controls based on Google Group or Organizational Unit membership.\u003C\u002Fp>\n\u003Cp>You can also see logs of accounts created and roles changed by the plugin.\u003C\u002Fp>\n\u003Ch4>Extensible Platform\u003C\u002Fh4>\n\u003Cp>Login for Google Apps allows you to centralize your site’s Google functionality and build your own extensions, or use third-party extensions, which require no configuration themselves and share the same user authentication and permissions that users already allowed for Login for Google Apps itself.\u003C\u002Fp>\n\u003Cp>Using our platform, your website appears to Google accounts 
as one unified ‘web application’, making it more secure and easier to manage.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogledriveembedder\" rel=\"nofollow ugc\">Google Drive Embedder\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nusers to browse for Google Drive documents to embed directly in their posts or pages.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fwpgoogleappsdirectory\" rel=\"nofollow ugc\">Google Apps Directory\u003C\u002Fa> is an extension plugin allowing\u003Cbr \u002F>\nlogged-in users to search your Google Apps employee directory from a widget on your intranet or client site.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Favatars\u002F?utm_source=Login%20Readme%20Avatars&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Google Profile Avatars\u003C\u002Fa>\u003Cbr \u002F>\nis available on our website. It displays users’ Google profile photos in place of their avatars throughout your site.\u003C\u002Fp>\n\u003Cp>Login for Google Apps works on single or multisite WordPress websites or private intranets.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>One-click login will work for the following domains and user accounts:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Workspace Starter\u003C\u002Fli>\n\u003Cli>Google Workspace Business Standard\u003C\u002Fli>\n\u003Cli>Google Workspace Business Plus\u003C\u002Fli>\n\u003Cli>Google Workspace Enterprise\u003C\u002Fli>\n\u003Cli>Google Workspace for Nonprofits\u003C\u002Fli>\n\u003Cli>Google Workspace for Government\u003C\u002Fli>\n\u003Cli>Google Classroom (Google Workspace for Education)\u003C\u002Fli>\n\u003Cli>Personal gmail.com and googlemail.com emails\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Login for Google Apps uses the latest secure OAuth2 authentication recommended by Google. 
Other 3rd party authentication plugins may allow you to use your Google username and password to login, but they do not do this securely unless they also use OAuth2. This is discussed further in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgoogle-apps-login\u002F#faq\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>This plugin currently operates in multiple languages.\u003C\u002Fp>\n\u003Cp>We welcome volunteers to translate into their own language. If you would like to contribute a translation, please open the WordPress.org \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fgoogle-apps-login\u002F\" rel=\"nofollow ugc\">Translation portal\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Website and Upgrades\u003C\u002Fh4>\n\u003Cp>Please see our website \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002F?utm_source=Login%20Readme%20Website&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">https:\u002F\u002Fwp-glogin.com\u002F\u003C\u002Fa> for more information about this free plugin and extra features available in our Premium and Enterprise upgrades, plus support details, other plugins, and useful guides for admins of WordPress sites and Google Apps.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fglogin\u002F?utm_source=Login%20Readme%20PremEnt&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">Premium and Enterprise versions\u003C\u002Fa> eliminate the need to manage user accounts in your WordPress site – everything is synced from Google Apps instead.\u003C\u002Fp>\n\u003Cp>If you are building your organization’s intranet on WordPress, try out our \u003Ca href=\"https:\u002F\u002Fwp-glogin.com\u002Fintranet\u002F?utm_source=Login%20Readme%20AIOI&utm_medium=freemium&utm_campaign=Freemium\" rel=\"nofollow ugc\">All-In-One Intranet plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Simple secure login and user 
management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).",10000,661543,92,64,"2025-05-08T16:01:00.000Z","6.8.5","5.5",[20,109,110,21,111],"google","login","sso","https:\u002F\u002Fwp-glogin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-apps-login.3.5.2.zip","2022-12-01 00:00:00",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":107,"requires_php":129,"tags":130,"homepage":133,"download_link":134,"security_score":92,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"login-with-google","Log in with Google","1.4.2","rtCamp","https:\u002F\u002Fprofiles.wordpress.org\u002Frtcamp\u002F","\u003Cp>Ultra minimal plugin to let your users login to WordPress applications using their Google accounts. No more remembering hefty passwords!\u003C\u002Fp>\n\u003Ch3>Initial Setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Create a project from \u003Ca href=\"https:\u002F\u002Fconsole.developers.google.com\u002Fapis\u002Fdashboard\" rel=\"nofollow ugc\">Google Developers Console\u003C\u002Fa> if none exists.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Go to \u003Cstrong>Credentials\u003C\u002Fstrong> tab, then create credential for OAuth client.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Application type will be \u003Cstrong>Web Application\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add \u003Ccode>YOUR_DOMAIN\u002Fwp-login.php\u003C\u002Fcode> in \u003Cstrong>Authorized redirect URIs\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This will give you \u003Cstrong>Client ID\u003C\u002Fstrong> and \u003Cstrong>Secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Input these values either in \u003Ccode>WP Admin > Settings > WP Google 
Login\u003C\u002Fcode>, or in \u003Ccode>wp-config.php\u003C\u002Fcode> using the following code snippet:\u003C\u002Fp>\n\u003Cp>\u003Ccode>define( 'WP_GOOGLE_LOGIN_CLIENT_ID', 'YOUR_GOOGLE_CLIENT_ID' );\u003Cbr \u002F>\ndefine( 'WP_GOOGLE_LOGIN_SECRET', 'YOUR_SECRET_KEY' );\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Browser support\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fidentity\u002Fgsi\u002Fweb\u002Fguides\u002Fsupported-browsers\" rel=\"nofollow ugc\">These browsers are supported\u003C\u002Fa>. Note, for example, that One Tap Login is not supported in Safari.\u003C\u002Fp>\n\u003Ch3>How to enable automatic user registration\u003C\u002Fh3>\n\u003Cp>You can enable user registration either by\u003Cbr \u002F>\n– Enabling \u003Cem>Settings > WP Google Login > Enable Google Login Registration\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>OR\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adding\u003Cbr \u002F>\n\u003Ccode>define( 'WP_GOOGLE_LOGIN_USER_REGISTRATION', 'true' );\u003C\u002Fcode>\u003Cbr \u002F>\nin wp-config.php file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If the checkbox is ON then, it will register valid Google users even when WordPress default setting, under\u003C\u002Fp>\n\u003Cp>\u003Cem>Settings > General Settings > Membership > Anyone can register\u003C\u002Fem> checkbox\u003C\u002Fp>\n\u003Cp>is OFF.\u003C\u002Fp>\n\u003Ch3>Restrict user registration to one or more domain(s)\u003C\u002Fh3>\n\u003Cp>By default, when you enable user registration via constant \u003Ccode>WP_GOOGLE_LOGIN_USER_REGISTRATION\u003C\u002Fcode> or enable \u003Cem>Settings > WP Google Login > Enable Google Login Registration\u003C\u002Fem>, it will create a user for any Google login (including gmail.com users). If you are planning to use this plugin on a private, internal site, then you may like to restrict user registration to users under a single Google Suite organization. 
This configuration variable does that.\u003C\u002Fp>\n\u003Cp>Add your domain name, without any schema prefix and \u003Ccode>www,\u003C\u002Fcode> as the value of \u003Ccode>WP_GOOGLE_LOGIN_WHITELIST_DOMAINS\u003C\u002Fcode> constant or in the settings \u003Ccode>Settings > WP Google Login > Whitelisted Domains\u003C\u002Fcode>. You can whitelist multiple domains. Please separate domains with commas. See the below example to know how to do it via constants:\u003Cbr \u002F>\n    \u003Ccode>define( 'WP_GOOGLE_LOGIN_WHITELIST_DOMAINS', 'example.com,sample.com' );\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If a user already exists, they \u003Cstrong>will be allowed to login with Google\u003C\u002Fstrong> regardless of whether their domain is whitelisted or not. Whitelisting will only prevent users from \u003Cstrong>registering\u003C\u002Fstrong> with email addresses from non-whitelisted domains.\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>For a list of all hooks please refer to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FrtCamp\u002Flogin-with-google#hooks\" rel=\"nofollow ugc\">this documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>wp-config.php parameters list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_CLIENT_ID\u003C\u002Fcode> (string): Google client ID of your application.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_SECRET\u003C\u002Fcode> (string): Secret key of your application\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_USER_REGISTRATION\u003C\u002Fcode> (boolean) (optional): Set \u003Ccode>true\u003C\u002Fcode> If you want to enable new user registration. 
By default, user registration defers to \u003Ccode>Settings > General Settings > Membership\u003C\u002Fcode> if constant is not set.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>WP_GOOGLE_LOGIN_WHITELIST_DOMAINS\u003C\u002Fcode> (string) (optional): Domain names, if you want to restrict login with your custom domain. By default, it will allow all domains. You can whitelist multiple domains.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>BTW, We’re Hiring!\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Frtcamp.com\u002Fcareers\u002F\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","Minimal plugin that allows WordPress users to log in using Google.",6000,117533,90,15,"2026-02-20T14:59:00.000Z","6.7.5","7.4",[20,131,21,132,111],"google-login","sign-in","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-with-google.1.4.2.zip",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":143,"downloaded":144,"rating":92,"num_ratings":145,"last_updated":146,"tested_up_to":82,"requires_at_least":107,"requires_php":129,"tags":147,"homepage":150,"download_link":151,"security_score":152,"vuln_count":64,"unpatched_count":29,"last_vuln_date":153,"fetched_at":31},"authorizer","Authorizer","3.13.4","Paul Ryan","https:\u002F\u002Fprofiles.wordpress.org\u002Ffigureone\u002F","\u003Cp>\u003Cem>Authorizer\u003C\u002Fem> restricts access to a WordPress site to specific users, typically students enrolled in a university course. It maintains a list of approved users that you can edit to determine who has access. It also replaces the default WordPress login\u002Fauthorization system with one relying on an external server, such as Google, CAS, LDAP, or an OAuth2 provider. 
Finally, \u003Cem>Authorizer\u003C\u002Fem> lets you limit invalid login attempts to prevent bots from compromising your users’ accounts.\u003C\u002Fp>\n\u003Cp>View or contribute to the plugin source on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fuhm-coe\u002Fauthorizer\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fuhm-coe\u002Fauthorizer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cem>Authorizer\u003C\u002Fem> requires the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>CAS server\u003C\u002Fstrong> (2.x, 3.x, 4.x, 5.x, 6.x, or 7.x) or \u003Cstrong>LDAP server\u003C\u002Fstrong> (plugin needs the URL)\u003C\u002Fli>\n\u003Cli>PHP extensions: php-ldap, php-curl, php-dom\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Authorizer\u003C\u002Fem> provides the following options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Authentication\u003C\u002Fstrong>: WordPress accounts; Google accounts; CAS accounts; LDAP accounts; OAuth2 accounts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login Access\u003C\u002Fstrong>: All authenticated users (all local and all external can log in); Only specific users (all local and approved external users can log in)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View Access\u003C\u002Fstrong>: Everyone (open access); Only logged in users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong>: Progressively increase the amount of time required between invalid login attempts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode\u003C\u002Fstrong>: Use the \u003Ccode>[authorizer_login_form]\u003C\u002Fcode> shortcode to embed a wp_login_form() outside of wp-login.php.\u003C\u002Fli>\n\u003C\u002Ful>\n","Authorizer limits login attempts, restricts access to specific users, and authenticates against external sources (OAuth2, Google, LDAP, or 
CAS).",5000,181710,19,"2025-12-19T20:52:00.000Z",[20,148,149,110,21],"cas","ldap","https:\u002F\u002Fgithub.com\u002Fuhm-coe\u002Fauthorizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthorizer.3.13.4.zip",99,"2022-11-01 00:00:00",{"slug":155,"name":156,"version":157,"author":158,"author_profile":159,"description":160,"short_description":161,"active_installs":162,"downloaded":163,"rating":164,"num_ratings":165,"last_updated":166,"tested_up_to":167,"requires_at_least":168,"requires_php":133,"tags":169,"homepage":173,"download_link":174,"security_score":175,"vuln_count":64,"unpatched_count":29,"last_vuln_date":176,"fetched_at":31},"keyring","Keyring","3.0","Beau Lebens","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeaulebens\u002F","\u003Cp>\u003Cstrong>See the \u003Ca href=\"http:\u002F\u002Fdentedreality.com.au\u002Fprojects\u002Fwp-keyring\u002F\" rel=\"nofollow ugc\">Keyring Developer’s Guide\u003C\u002Fa> for more details.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Keyring provides a very hookable, completely customizable framework for connecting your WordPress to an external service. 
It takes care of all the heavy lifting when making authenticated requests, so all you need to do is implement cool features and not worry about these tricky bits.\u003C\u002Fp>\n\u003Cp>Out of the box, Keyring currently comes with base Service definitions for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>HTTP Basic,\u003C\u002Fli>\n\u003Cli>OAuth1, and\u003C\u002Fli>\n\u003Cli>OAuth2.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And includes ready-to-use definitions for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002F500px.com\u002F\" rel=\"nofollow ugc\">500px\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdelicious.com\u002F\" rel=\"nofollow ugc\">Delicious\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Feventbrite.com\u002F\" rel=\"nofollow ugc\">Eventbrite\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffacebook.com\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffitbit.com\u002F\" rel=\"nofollow ugc\">Fitbit\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fflickr.com\u002F\" rel=\"nofollow ugc\">Flickr\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffoursquare.com\u002F\" rel=\"nofollow ugc\">Foursquare\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fanalytics\u002F\" rel=\"nofollow ugc\">Google Analytics\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fcontacts\u002F\" rel=\"nofollow ugc\">Google Contacts\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fmail\u002F\" rel=\"nofollow ugc\">Google Mail\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Finstagram.com\u002F\" rel=\"nofollow ugc\">Instagram\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Finstapaper.com\u002F\" rel=\"nofollow 
ugc\">Instapaper\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjetpack.com\u002F\" rel=\"nofollow ugc\">Jetpack\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fwordpress.com\u002F\" rel=\"nofollow ugc\">WordPress.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Flinkedin.com\u002F\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmoves-app.com\u002F\" rel=\"nofollow ugc\">Moves\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fnest.com\u002F\" rel=\"nofollow ugc\">Nest\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpinterest.com\u002F\" rel=\"nofollow ugc\">Pinterest\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frunkeeper.com\u002F\" rel=\"nofollow ugc\">RunKeeper\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fstrava.com\u002F\" rel=\"nofollow ugc\">Strava\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftripit.com\u002F\" rel=\"nofollow ugc\">TripIt\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftumblr.com\u002F\" rel=\"nofollow ugc\">Tumblr\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002F\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyahoo.com\u002F\" rel=\"nofollow ugc\">Yahoo! Updates\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyoutube.com\u002F\" rel=\"nofollow ugc\">YouTube\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can very easily write your own Service definitions and then use all the power of Keyring to hook into that authentication flow. 
See the \u003Ca href=\"http:\u002F\u002Fdentedreality.com.au\u002Fprojects\u002Fwp-keyring\u002F\" rel=\"nofollow ugc\">Keyring Developer’s Guide\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Cp>Contributions are welcome via \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbeaulebens\u002Fkeyring\" rel=\"nofollow ugc\">Github pull request\u003C\u002Fa>.\u003C\u002Fp>\n","An authentication framework that handles authorization\u002Fcommunication with most popular web services.",1000,95201,86,6,"2023-04-25T21:21:00.000Z","6.2.9","4.0",[20,170,171,21,172],"authorization","http-basic","security","http:\u002F\u002Fdentedreality.com.au\u002Fprojects\u002Fwp-keyring\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeyring.3.0.zip",85,"2014-07-07 00:00:00",{"attackSurface":178,"codeSignals":203,"taintFlows":252,"riskAssessment":331,"analyzedAt":345},{"hooks":179,"ajaxHandlers":199,"restRoutes":200,"shortcodes":201,"cronEvents":202,"entryPointCount":29,"unprotectedCount":29},[180,186,190,195],{"type":181,"name":182,"callback":183,"file":184,"line":185},"action","admin_menu","addMenuPage","oauthclient_controller.php",36,{"type":181,"name":187,"callback":188,"file":184,"line":189},"init","save_oauthclient_config",37,{"type":181,"name":191,"callback":192,"priority":193,"file":184,"line":194},"admin_footer","feedbackDisplay_form",20,40,{"type":181,"name":196,"callback":197,"file":184,"line":198},"login_form","wp_sso_login_form_button",43,[],[],[],[],{"dangerousFunctions":204,"sqlUsage":205,"outputEscaping":207,"fileOperations":29,"externalRequests":249,"nonceChecks":250,"capabilityChecks":29,"bundledLibraries":251},[],{"prepared":28,"raw":29,"locations":206},[],{"escaped":208,"rawEcho":209,"locations":210},72,18,[211,215,217,219,222,224,226,228,230,232,234,236,237,239,241,243,245,247],{"file":212,"line":213,"context":214},"licensing_plans.php",9,"raw 
output",{"file":184,"line":216,"context":214},299,{"file":184,"line":218,"context":214},363,{"file":220,"line":221,"context":214},"oauthclient_layout.php",25,{"file":220,"line":223,"context":214},26,{"file":220,"line":225,"context":214},27,{"file":220,"line":227,"context":214},28,{"file":220,"line":229,"context":214},29,{"file":220,"line":231,"context":214},30,{"file":220,"line":233,"context":214},31,{"file":220,"line":235,"context":214},32,{"file":220,"line":125,"context":214},{"file":220,"line":238,"context":214},175,{"file":220,"line":240,"context":214},207,{"file":220,"line":242,"context":214},242,{"file":220,"line":244,"context":214},345,{"file":220,"line":246,"context":214},582,{"file":220,"line":248,"context":214},659,4,5,[],[253,272,283,292,301,315,323],{"entryPoint":254,"graph":255,"unsanitizedCount":28,"severity":271},"\u003CcustomerUtility> (Assets\\services\\customerUtility.php:0)",{"nodes":256,"edges":268},[257,262],{"id":258,"type":259,"label":260,"file":261,"line":213},"n0","source","$_SERVER (x2)","Assets\\services\\customerUtility.php",{"id":263,"type":264,"label":265,"file":261,"line":266,"wp_function":267},"n1","sink","wp_remote_post() [SSRF]",24,"wp_remote_post",[269],{"from":258,"to":263,"sanitized":270},false,"medium",{"entryPoint":273,"graph":274,"unsanitizedCount":64,"severity":271},"licensing_plans (licensing_plans.php:3)",{"nodes":275,"edges":281},[276,278],{"id":258,"type":259,"label":277,"file":212,"line":213},"$_SERVER['REQUEST_URI']",{"id":263,"type":264,"label":279,"file":212,"line":213,"wp_function":280},"echo() [XSS]","echo",[282],{"from":258,"to":263,"sanitized":270},{"entryPoint":284,"graph":285,"unsanitizedCount":14,"severity":271},"oc_oauthclient_layout (oauthclient_layout.php:3)",{"nodes":286,"edges":290},[287,289],{"id":258,"type":259,"label":288,"file":220,"line":221},"$_SERVER['REQUEST_URI'] 
(x8)",{"id":263,"type":264,"label":279,"file":220,"line":221,"wp_function":280},[291],{"from":258,"to":263,"sanitized":270},{"entryPoint":293,"graph":294,"unsanitizedCount":64,"severity":300},"\u003Clicensing_plans> (licensing_plans.php:0)",{"nodes":295,"edges":298},[296,297],{"id":258,"type":259,"label":277,"file":212,"line":213},{"id":263,"type":264,"label":279,"file":212,"line":213,"wp_function":280},[299],{"from":258,"to":263,"sanitized":270},"low",{"entryPoint":302,"graph":303,"unsanitizedCount":29,"severity":300},"save_oauthclient_config (oauthclient_controller.php:62)",{"nodes":304,"edges":312},[305,308],{"id":258,"type":259,"label":306,"file":184,"line":307},"$_GET",97,{"id":263,"type":264,"label":309,"file":184,"line":310,"wp_function":311},"update_option() [Settings Manipulation]",108,"update_option",[313],{"from":258,"to":263,"sanitized":314},true,{"entryPoint":316,"graph":317,"unsanitizedCount":29,"severity":300},"\u003Coauthclient_controller> (oauthclient_controller.php:0)",{"nodes":318,"edges":321},[319,320],{"id":258,"type":259,"label":306,"file":184,"line":307},{"id":263,"type":264,"label":309,"file":184,"line":310,"wp_function":311},[322],{"from":258,"to":263,"sanitized":314},{"entryPoint":324,"graph":325,"unsanitizedCount":14,"severity":300},"\u003Coauthclient_layout> (oauthclient_layout.php:0)",{"nodes":326,"edges":329},[327,328],{"id":258,"type":259,"label":288,"file":220,"line":221},{"id":263,"type":264,"label":279,"file":220,"line":221,"wp_function":280},[330],{"from":258,"to":263,"sanitized":270},{"summary":332,"deductions":333},"The \"oauth-client-for-user-authentication\" plugin v3.1.1 presents a mixed security posture.  On the positive side, the static analysis reveals a lack of direct attack vectors such as AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication.  Furthermore, SQL queries are exclusively using prepared statements, and a high percentage of output is properly escaped.  
However, several concerning signals exist. The presence of 5 flows with unsanitized paths, despite no critical or high severity taint flows being reported, warrants attention as it suggests potential for vulnerabilities if these paths are ever exposed to user input. The plugin also makes 4 external HTTP requests, which could be exploited if not handled securely. A significant concern is the plugin's history of 2 high severity vulnerabilities, specifically Missing Authorization and Cross-site Scripting. While there are currently 0 unpatched CVEs, the recurrence of these vulnerability types in the past indicates a potential for similar weaknesses to re-emerge in future versions if code review and secure coding practices are not rigorously applied. The lack of capability checks in the code signals is also a weakness, as it implies that some functionality might be accessible to users who should not have access.",[334,336,339,342],{"reason":335,"points":14},"5 unsanitized paths in taint analysis",{"reason":337,"points":338},"4 external HTTP requests",3,{"reason":340,"points":341},"2 high severity vulnerabilities in history",16,{"reason":343,"points":344},"0 capability checks",10,"2026-03-16T20:16:02.381Z",{"wat":347,"direct":356},{"assetPaths":348,"generatorPatterns":351,"scriptPaths":352,"versionParams":353},[349,350],"\u002Fwp-content\u002Fplugins\u002Foauth-client-for-user-authentication\u002FAssets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Foauth-client-for-user-authentication\u002FAssets\u002Fjs\u002Fscript.js",[],[350],[354,355],"\u002Foauth-client-for-user-authentication\u002FAssets\u002Fcss\u002Fstyle.css?ver=","\u002Foauth-client-for-user-authentication\u002FAssets\u002Fjs\u002Fscript.js?ver=",{"cssClasses":357,"htmlComments":360,"htmlAttributes":361,"restEndpoints":363,"jsGlobals":364,"shortcodeOutput":366},[358,359],"buttons_style","oauthclient_layout_container",[],[362],"data-nonce",[],[365],"oc_oauthclient_layout_script",[]]