A WordPress plugin that provides Headless login and authentication for WPGraphQL, supporting traditional passwords, OAuth2/OpenID Connect, JWT, and more.
This major release refactors the root files to use the WPGraphQL\Login
namespace. It also exposes the authTokenExpiration
field in the refreshToken
mutation response, improves code quality, adds explicit support for WordPress 6.5.0, and more.
[!NOTE] Although this release technically contains breaking changes, these changes are limited to developers directly extending the
wp-graphql-headless-login.php
,wp-graphql-activation.php
,wp-graphql-deactivation.php
files, and theWPGraphQL\Login\Main
class. If you are using the plugin as intended, you should not experience any issues when upgrading.
authTokenExpiration
field to the refreshToken
mutation response. H/t @richardaubin.WPGraphQL/RankMath
namespace to root-level files ( activation.php
, deactivation.php
, wp-graphql-rank-math.php
).strict_types
in all PHP files.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.2.0...0.3.0
This major release bumps the minimum supported WordPress version to 6.0, and the minimum supported WPGraphQL version to 1.14.0. It also fixes a bug when extending the OAuth2Config
class.
[!Note] This release is technically a breaking change, as the
Psr
dependencies are now prefixed with\WPGraphQL\Login\Vendor
. This class should only be used internally, but if for some reason you're relying on the plugin's bundledPsr
classes in your own code, you'll need to update your references.
League\OAuth2\Client\Provider\AbstractProvider
to the \WPGraphQL\Login\Vendor
namespace. H/t @pat-flew .Psr
dependencies. This is a breaking change, as the Psr
dependencies are now prefixed with \WPGraphQL\Login\Vendor
.Autoloader
class for DRYness.axepress/wp-graphql-cs
to latest version and lint.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.1.4...0.2.0
This minor release fixes a bug where the determine_current_user
filter was being applied too late in the lifecycle for some plugins. It also better integrates with WPGraphQL for WooCommerce's upcoming release which adds built-in support for the plugin.
We've also upgraded our coding standards and fixed all the resulting issues.
determine_current_user
filter before the plugin is initialized. H/t @kidunot89 for reporting.WPGraphQL\Login\Autoloader
class. Note: this does not remove the vendor/
or vendor-prefixed/
directories from the repository.LoginPayload.customer
for WooGraphQL 0.18.2+. Props @kidunot89.LoginPayload.wooSessionToken
in favor of loginPayload.sessionToken
(added in WooGraphQL 0.18.2+).Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.1.3...0.1.4
This release includes a refactored Admin JS package for backwards-compatibility and stability, new features and developer hooks to extend and customize the authentication lifecycle, and a handful of bug fixes.
scopeSeparator
for Generic OAuth2 providers. H/t @martinowren for bringing this up!packages/admin
directory, and refactor for backwards-compatibility.scope
.scope
setting in the GitHub and LinkedIn provider settings.$user_data
to the graphql_login_after_successful_login
filter. Props @martinowren.graphql_login_after_authenticate
, graphql_login_get_user_from_data
.graphql_login_authenticated_user_data
, graphql_login_pre_get_user_from_data
,
graphql_login_create_user_data
.graphql_login_mapped_user_data
filter in favor of graphql_login_authenticated_user_data
.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.1.2...0.1.3
This release implements the new WPGraphQL Coding Standards ruleset for PHP_CodeSniffer
. While many of the addressed sniffs are cosmetic, numerous smells regarding performance, type safety, sanitization, and 3rd-party interoperability have been fixed as well.
axepress/wp-graphql-cs
PHP_Codesniffer ruleset.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.1.1...0.1.2
This release adds support for setting the Access-Control-Allow-Credentials
header via the Headless Login settings panel. We also updated the Server-side Auth example based on the feedback and issues discovered during the WPE Builders session.
Access-Control-Allow-Credentials
header via the Headless Login settings panel. Props @ArkDouglas.GRAPHQL_LOGIN_JWT_SECRET_KEY
when defining constants for test ehttps://youtu.be/RnJZ8VRjtBknvironment.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.1.0...0.1.1
This release bumps the version of the plugin to v0.1.0 to reflect the fact that it is now in a stable state. This means future releases will be SemVer compliant.
We also squashed a few bugs.
FormTokenControl
component. Thanks @ArkDouglas for reporting!Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.0.9...0.1.0
TokenManager::refresh_user_secret()
when revoking secrets on the backend to prevent UserError
s for invalid secrets.Password
provider from the list of User Profile identities.parent::register()
in ClientOptions
and LoginOptions
interface classes.admin_notice
if WPGraphQL CORS is enabled.HttpClient
mocks for headers and body.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.0.8...0.0.9
This release fixes a bug where OAuth2 (Generic) provider settings were not being accessed correctly (#56).
To address this, the provider slug was renamed from generic-oauth2
to oauth2-generic
.
Note: As a result, the LoginProviderEnum
name for this provider has changed from GENERIC_OAUTH2
to OAUTH2_GENERIC
, and GenericClientOptions
and GenericLoginOptions
have been renamed to OAuth2ClientOptions
and OAuth2LoginOptions
, respectively. The OAuth2 Generic provider settings are not preserved.
OAuth2 (Generic)
provider slug to oauth2-generic
.ProviderConfig::get_slug()
for Provider registry keys. H/t @ryntab and @stephane-segning.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.0.7...0.0.8
Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.0.6...0.0.7