 |
VOOZH | about |
|
VOOZH | about |
This page documents the minimum system requirements, version support policies, and external dependencies required to run the Auth0 WordPress Plugin. This includes PHP runtime requirements, WordPress version compatibility, required PHP extensions, Composer package dependencies, and infrastructure prerequisites.
For installation instructions and configuration steps, see Installation. For details on the development environment setup, see Development Setup.
The plugin requires PHP 8.1 or higher. This requirement is enforced at the Composer dependency level composer.json36
The plugin's PHP version support window mirrors the PHP release support schedule. Support for PHP versions ends when they stop receiving security fixes from the PHP project.
Current Support Matrix:
| Plugin Version | PHP Version | Support Ends |
|---|---|---|
| 5 | 8.3 | Nov 2026 |
| 5 | 8.2 | Dec 2025 |
| 5 | 8.1 | Nov 2024 |
Important: Deprecation of PHP versions that have reached end-of-life is not considered a breaking change and will not result in a major version bump README.md197-198 Sites running unsupported PHP versions will continue to function but will not receive plugin updates until the PHP runtime is upgraded.
Sources: README.md22-28 README.md186-199 composer.json36
The plugin requires the following PHP extensions to be installed and enabled:
| Extension | Purpose |
|---|---|
json | JSON encoding/decoding for API communication and token processing |
openssl | Cryptographic operations including JWT signature verification and secret generation |
These extensions are declared as hard requirements in the Composer manifest composer.json37-38:
The openssl extension is specifically used during plugin activation to generate three cryptographic secrets (cookies, back-channel logout, and authentication) using random_bytes() as described in the Plugin Initialization and Lifecycle Flow diagram.
Sources: composer.json37-38 README.md24
The plugin requires WordPress 6 or higher. As stated in the official support policy, only the most recent version of WordPress marked as "actively supported" by Automattic is supported README.md25 README.md189
Rationale: Automattic's policy states that "security patches are backported when possible, but this is not guaranteed." To ensure reliable security, the plugin only supports the actively maintained WordPress release.
Current Support Matrix:
| Plugin Version | WordPress Version | Support Ends |
|---|---|---|
| 5 | 6 | TBD (follows Automattic's support schedule) |
Like PHP version deprecations, WordPress version deprecations are not considered breaking changes and will not result in a major version bump.
Sources: README.md25 README.md189 README.md191-195
The plugin is built on top of the Auth0-PHP SDK which provides the core authentication and management API functionality. The plugin requires version 8.18 or higher composer.json39:
The Auth0-PHP SDK instance is initialized by the Plugin singleton and accessed throughout the codebase. For custom WordPress development, developers should use wpAuth0()->getSdk() to retrieve the configured SDK instance rather than extending the plugin's internal classes README.md173-182
The Auth0-PHP SDK depends on several PHP Standards Recommendations (PSR) interfaces. When the plugin is installed via Composer, the consuming application must provide implementations for:
The PSR-6 Cache interface is explicitly required composer.json40:
The recommended installation command includes two libraries that satisfy PSR-18 and PSR-17 requirements README.md65:
However, any compatible PSR-18 and PSR-17 implementations can be used. Alternative providers are available from Packagist:
For Bedrock or other Composer-based WordPress configurations, these implementations may already be satisfied by other installed packages, allowing installation of auth0/wordpress without additional dependencies README.md73-74
Sources: README.md68-77 composer.json39-40
The following diagram illustrates how the plugin's dependencies are resolved at runtime and how PSR interfaces are satisfied:
Dependency Resolution Flow:
auth0/auth0-php as a direct dependencysymfony/http-client and nyholm/psr7Sources: composer.json35-41 README.md68-77
The plugin uses custom database tables to guarantee high performance for user account mapping and event synchronization. These tables are:
auth0_accounts - Maps WordPress user IDs to Auth0 subject identifiersauth0_sync - Queues user synchronization events for background processingThe database credentials configured for WordPress must have table creation privileges README.md26 README.md159 During plugin activation and on subsequent runs, the plugin will create these tables if they do not exist using the Database abstraction layer.
The rationale for custom tables (rather than WordPress options or post meta) is explicitly stated in the codebase as being for high performance on high-traffic sites with frequent user operations, as described in the Data Flow - WordPress to Auth0 Synchronization diagram.
Sources: README.md26 README.md157-161
The plugin uses WordPress's background task manager to perform critical periodic tasks including:
AUTH0_CRON_SYNC)AUTH0_CRON_MAINTENANCE)Default Behavior: WordPress cron runs on every page load, which is inadvisable for production sites README.md167
Production Recommendation: Configure WordPress to use a system cron job to run these tasks periodically README.md167 This ensures reliable background processing without impacting site performance.
The sync system architecture (described in the Data Flow - WordPress to Auth0 Synchronization diagram) relies on scheduled cron execution to process the auth0_sync table queue.
Sources: README.md163-168
The following table lists additional dependencies required only for development, testing, and building the plugin. These are declared in the require-dev section composer.json42-59:
| Package | Purpose |
|---|---|
humbug/php-scoper | Namespace isolation for vendor dependencies during build |
pestphp/pest | Testing framework |
phpstan/phpstan | Static analysis |
vimeo/psalm | Static analysis |
friendsofphp/php-cs-fixer | Code formatting |
rector/rector | Automated refactoring |
mockery/mockery | Test mocking |
nyholm/psr7 | PSR-7/PSR-17 implementation for testing |
symfony/cache | PSR-6 cache implementation for testing |
These dependencies are not required for production installations and are automatically excluded when installing with --no-dev flag or when the build process creates the distribution ZIP.
Sources: composer.json42-59
The following diagram maps dependencies to their usage contexts within the plugin architecture:
Key Dependency Relationships:
wpAuth0.php uses ext-openssl to generate cryptographic secrets during activationPlugin singleton creates the Auth0-PHP SDK instance with PSR dependenciesAuthentication class validates tokens using the SDK, which requires ext-json for JWT decodingSynchronization class processes queued events via WordPress cron, calling the Management API through the SDKConfiguration class stores settings in WordPress database using wpdbSources: composer.json35-41 README.md169-184
Before installing the plugin, verify your environment meets these requirements:
PHP Environment:
php -v)ext-json is installed and enabled (php -m | grep json)ext-openssl is installed and enabled (php -m | grep openssl)WordPress Environment:
Composer Installation:
composer --version)Infrastructure:
Sources: README.md22-28 README.md157-168
The plugin is compatible with WPackagist, allowing installation via Composer in standard WordPress setups and WordPress distributions like Bedrock README.md58
For Bedrock installations, the Composer command is typically run from the root WordPress installation directory. Bedrock often includes PSR implementations, so the minimal installation command may suffice README.md60 README.md73:
For standard WordPress installations, run the Composer command from the wp-content/plugins subdirectory with all dependencies README.md62 README.md65:
Sources: README.md56-77
The plugin follows an active deprecation policy for platform versions:
Composer and WordPress package managers prevent automatic upgrades to incompatible versions, ensuring stability.
Sources: README.md186-199
Refresh this wiki