Repository files navigation

A WordPress plugin that provides headless login and authentication forWPGraphQL, supporting traditional passwords, OAuth2/OpenID Connect, JWT, and more.

• Join the WPGraphQL community on Discord.
• Documentation

Headless Login for WPGraphQL is a flexible and extensible plugin that allows headless WordPress sites to login and authenticate users viaWPGraphQL using a variety of authentication methods, including traditional WordPress credentials (username/password),OAuth 2.0 /OpenID Connect,JSON Web Tokens (JWT), and more.

This plugin is inspired by and aims to replaceWPGraphQL JWT Authentication as more powerful, comprehensive, and flexible authentication solution for Headless WP.

• PHP 7.4-8.2+
• WordPress 6.2+
• WPGraphQL 1.14.0+

1. Install & activateWPGraphQL.
2. Download thelatest release.zip file, upload it to your WordPress install, and activate the plugin.
3. Enable and configure the authentication providers you want to use in GraphQL > Settings > Headless Login.

wp plugin install https://github.com/AxeWP/wp-graphql-headless-login/releases/latest/download/wp-graphql-headless-login.zip --activate

composer require axepress/wp-graphql-headless-login

Until we hit v1.0, we're using amodified version ofSemVer, where:

• v0.x: "Major" releases. These releases introduce new features, andmay contain breaking changes to either the PHP API or the GraphQL schema
• v0.x.y: "Minor" releases. These releases introduce new features and enhancements and address bugs. Theydo not contain breaking changes.
• v0.x.y.z: "Patch" releases. These releases are reserved for addressing issue with the previous release only.

Development of Headless Login for WPGraphQL is provided byAxePress Development. Community contributions arewelcome andencouraged.

Basic support is provided for free, both inthis repo and inWPGraphQL's official Discord.

Priority support and custom development are available toour Sponsors.

The following functionality is currently supported:

• Authenticate with aWordPress username and password.
• Pass and validateOAuth 2.0 / OpenID Connect provider response from the frontend.
  Supported providers (out of the box):
  • Facebook
  • GitHub
  • Google
  • Instagram
  • LinkedIn
  • OAuth2 - Generic: Any other OAuth 2.0 provider.
  • SAML authentication and more coming soon!
• Use aspecial Site Token to support WordPress authentication with any externally-authenticated user identity (e.g.Auth.js).
• Add your own Authentication Provider byextending theProviderConfig class.
• Authenticate with JWT tokens using aHTTP Authorization header.
• Set CORS headers to allow or restrict access to the GraphQL endpoint.
• Generate short-termauthTokens and long termrefreshTokens for seamless re-authentication in your headless app.
• Link a user account to an authentication provider's resource owner, to allow users to authenticate with multiple providers.
• Query theenabledloginClient authorization urls, to use in your frontend's login buttons.
• Extensive WordPressactions andfilters for customization of the plugin's behavior.
• Log out all sessions for a user byrevoking orrefreshing their tokens, in GraphQL or the WordPress backend Profile Page.
• Manage WooCommerce Sessions withWPGraphQL for WooCommerce.
• and more!

• System Requirements
• Installation

• Terminology
• How it works

• Admin Settings
• GraphQL Queries
• GraphQL Mutations
• Javascript API
• WordPress Actions
• WordPress Filters

• Server-side Authentication flow with Next.js (demo ).
• Client-side Authentication flow with NextAuth.js
• Adding customProviderConfigs

1. Copy.env.dist to.env, and update the file to match your local environment.
2. Runcomposer install to get the dev-dependencies.
3. Runcomposer install-test-env to create the test environment.
4. Run your test suite withCodeception.E.g.vendor/bin/codecept run wpunit will run all WPUnit tests.