A WordPress plugin that provides Headless login and authentication for WPGraphQL, supporting traditional passwords, OAuth2/OpenID Connect, JWT, and more.
This major release refactors the root files to use the WPGraphQL\Login namespace. It also exposes the authTokenExpiration field in the refreshToken mutation response, improves code quality, adds explicit support for WordPress 6.5.0, and more.
[!NOTE] Although this release technically contains breaking changes, these changes are limited to developers directly extending the
wp-graphql-headless-login.php,wp-graphql-activation.php,wp-graphql-deactivation.phpfiles, and theWPGraphQL\Login\Mainclass. If you are using the plugin as intended, you should not experience any issues when upgrading.
authTokenExpiration field to the refreshToken mutation response. H/t @richardaubin.WPGraphQL/RankMath namespace to root-level files ( activation.php, deactivation.php, wp-graphql-rank-math.php ).strict_types in all PHP files.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.2.0...0.3.0
This major release bumps the minimum supported WordPress version to 6.0, and the minimum supported WPGraphQL version to 1.14.0. It also fixes a bug when extending the OAuth2Config class.
[!Note] This release is technically a breaking change, as the
Psrdependencies are now prefixed with\WPGraphQL\Login\Vendor. This class should only be used internally, but if for some reason you're relying on the plugin's bundledPsrclasses in your own code, you'll need to update your references.
League\OAuth2\Client\Provider\AbstractProvider to the \WPGraphQL\Login\Vendor namespace. H/t @pat-flew .Psr dependencies. This is a breaking change, as the Psr dependencies are now prefixed with \WPGraphQL\Login\Vendor.Autoloader class for DRYness.axepress/wp-graphql-cs to latest version and lint.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.1.4...0.2.0
This minor release fixes a bug where the determine_current_user filter was being applied too late in the lifecycle for some plugins. It also better integrates with WPGraphQL for WooCommerce's upcoming release which adds built-in support for the plugin.
We've also upgraded our coding standards and fixed all the resulting issues.
determine_current_user filter before the plugin is initialized. H/t @kidunot89 for reporting.WPGraphQL\Login\Autoloader class. Note: this does not remove the vendor/ or vendor-prefixed/ directories from the repository.LoginPayload.customer for WooGraphQL 0.18.2+. Props @kidunot89.LoginPayload.wooSessionToken in favor of loginPayload.sessionToken (added in WooGraphQL 0.18.2+).Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.1.3...0.1.4
This release includes a refactored Admin JS package for backwards-compatibility and stability, new features and developer hooks to extend and customize the authentication lifecycle, and a handful of bug fixes.
scopeSeparator for Generic OAuth2 providers. H/t @martinowren for bringing this up!packages/admin directory, and refactor for backwards-compatibility.scope.scope setting in the GitHub and LinkedIn provider settings.$user_data to the graphql_login_after_successful_login filter. Props @martinowren.graphql_login_after_authenticate, graphql_login_get_user_from_data.graphql_login_authenticated_user_data, graphql_login_pre_get_user_from_data,
graphql_login_create_user_data.graphql_login_mapped_user_data filter in favor of graphql_login_authenticated_user_data.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.1.2...0.1.3
This release implements the new WPGraphQL Coding Standards ruleset for PHP_CodeSniffer. While many of the addressed sniffs are cosmetic, numerous smells regarding performance, type safety, sanitization, and 3rd-party interoperability have been fixed as well.
axepress/wp-graphql-cs PHP_Codesniffer ruleset.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.1.1...0.1.2
This release adds support for setting the Access-Control-Allow-Credentials header via the Headless Login settings panel. We also updated the Server-side Auth example based on the feedback and issues discovered during the WPE Builders session.
Access-Control-Allow-Credentials header via the Headless Login settings panel. Props @ArkDouglas.GRAPHQL_LOGIN_JWT_SECRET_KEY when defining constants for test ehttps://youtu.be/RnJZ8VRjtBknvironment.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.1.0...0.1.1
This release bumps the version of the plugin to v0.1.0 to reflect the fact that it is now in a stable state. This means future releases will be SemVer compliant.
We also squashed a few bugs.
FormTokenControl component. Thanks @ArkDouglas for reporting!Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.0.9...0.1.0
TokenManager::refresh_user_secret() when revoking secrets on the backend to prevent UserErrors for invalid secrets.Password provider from the list of User Profile identities.parent::register() in ClientOptions and LoginOptions interface classes.admin_notice if WPGraphQL CORS is enabled.HttpClient mocks for headers and body.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.0.8...0.0.9
This release fixes a bug where OAuth2 (Generic) provider settings were not being accessed correctly (#56).
To address this, the provider slug was renamed from generic-oauth2 to oauth2-generic.
Note: As a result, the LoginProviderEnum name for this provider has changed from GENERIC_OAUTH2 to OAUTH2_GENERIC, and GenericClientOptions and GenericLoginOptions have been renamed to OAuth2ClientOptions and OAuth2LoginOptions, respectively. The OAuth2 Generic provider settings are not preserved.
OAuth2 (Generic) provider slug to oauth2-generic.ProviderConfig::get_slug() for Provider registry keys. H/t @ryntab and @stephane-segning.Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.0.7...0.0.8
Full Changelog: https://github.com/AxeWP/wp-graphql-headless-login/compare/0.0.6...0.0.7