 |
VOOZH | about |
|
VOOZH | about |
This page documents the supported approach for extending the Auth0 WordPress plugin with custom functionality. It explains how to access the underlying Auth0-PHP SDK through the plugin's public API to integrate Auth0 features into custom WordPress development.
For information about the plugin's configuration options, see Configuration Options. For details about the internal architecture, see System Overview.
Important: This plugin is not designed to be extended by modifying or subclassing its internal components. The plugin's classes and methods are considered internal implementation details that may change without notice. The only supported extension mechanism is accessing the Auth0-PHP SDK through the wpAuth0() helper function.
The plugin provides a single stable extension point: the wpAuth0() helper function. This function returns the plugin singleton, which provides access to a fully configured instance of the Auth0-PHP SDK.
Extension Point Architecture
Sources: README.md169-184 wpAuth0.php72-89
The wpAuth0() function is the sole public entry point for accessing the plugin's functionality. It implements the singleton pattern to provide access to the plugin instance.
The function is defined in wpAuth0.php79-89 with the following signature:
The function returns an instance of Auth0\WordPress\Plugin. On first call, it initializes the plugin with configuration from the WordPress database. Subsequent calls return the same instance.
Singleton Pattern Implementation
Sources: wpAuth0.php79-89
The function accepts optional parameters for testing or advanced use cases:
| Parameter | Type | Purpose |
|---|---|---|
$plugin | ?Plugin | Override the singleton with a specific Plugin instance |
$sdk | ?Sdk | Provide a custom Auth0 SDK instance |
$configuration | ?Configuration | Provide a custom SDK configuration |
Note: In normal usage, all parameters should be omitted. These parameters are primarily used for testing.
Sources: wpAuth0.php79-89
The primary purpose of the wpAuth0() helper is to provide access to a configured instance of the Auth0-PHP SDK through the getSdk() method.
This returns an instance of Auth0\SDK\Auth0 that is fully configured with:
Retrieving the Configured SDK
Sources: README.md175-182 wpAuth0.php79-89
You can also access the SDK configuration directly if needed:
This returns an instance of Auth0\SDK\Configuration\SdkConfiguration containing all configuration values loaded from the WordPress database options (auth0_client, auth0_authentication, auth0_cookies, etc.).
Sources: README.md169-184
Critical: The plugin's internal classes and methods are not stable APIs and are subject to change without notice. Do not:
Auth0\WordPress\Actions\Authentication)Unsupported Extension Patterns
Rationale: The plugin's internal architecture may change significantly between versions. Code that depends on internal implementation details will break during updates.
Sources: README.md14-15 README.md173-174
The plugin does not guarantee backwards compatibility for internal APIs. Only the following are considered stable:
wpAuth0() helper function signature and return typePlugin::getSdk() method signature and return typePlugin::getConfiguration() method signature and return typeAll other plugin classes, methods, and interfaces may change without warning.
Sources: README.md14-15
The Auth0-PHP SDK provides comprehensive access to Auth0's features. Through wpAuth0()->getSdk(), you gain access to:
SDK Feature Domains
| Category | Method | Purpose |
|---|---|---|
| Authentication | login() | Generate Universal Login URL |
exchange() | Exchange authorization code for tokens | |
decode() | Validate and decode ID tokens | |
renew() | Refresh access tokens | |
| User Management | users() | Access Users endpoint |
usersByEmail() | Search users by email | |
| Session | getUser() | Retrieve authenticated user data |
getAccessToken() | Get current access token | |
getIdToken() | Get current ID token | |
clear() | Clear session data | |
| Organizations | organizations() | Access Organizations endpoint |
Sources: README.md169-184
Update Auth0 user metadata from WordPress:
Query Auth0 roles for additional authorization:
Validate organization membership before granting access:
Extension Pattern Flow
Sources: README.md169-184
The SDK instance returned by wpAuth0()->getSdk() is preconfigured with all settings from the plugin's configuration pages. This includes:
How Plugin Configuration Flows to SDK
The SDK instance includes configuration for:
| Setting Category | Configuration Source | SDK Usage |
|---|---|---|
| Domain | auth0_client['domain'] | API endpoint base URL |
| Client Credentials | auth0_client['id'], auth0_client['secret'] | API authentication |
| Callback URLs | auth0_authentication['callback_url'] | OAuth flow redirects |
| Session Management | auth0_sessions, auth0_cookies | Token storage and refresh |
| Organizations | auth0_client_advanced['organizations'] | Organization filtering |
| Custom Domain | auth0_client_advanced['custom_domain'] | Custom Auth0 domain |
| Token Settings | auth0_authentication['token_*'] | Token validation and refresh |
Note: Changing plugin configuration through the WordPress admin UI will not affect an already-instantiated SDK instance until the next request, as the plugin singleton is created once per request.
Sources: README.md169-184
Since you're working with the Auth0-PHP SDK through this extension point, refer to the SDK's documentation:
| Issue Type | Resource |
|---|---|
| SDK usage questions | Auth0 Community forum |
| SDK bugs or features | Auth0-PHP SDK repository issues |
| Plugin configuration | This plugin's GitHub issues |
| Plugin bugs | This plugin's GitHub issues |
Questions about extending the plugin using the SDK should be directed to the Auth0 Community, as they involve SDK usage rather than plugin-specific functionality.
The plugin maintainers cannot provide support for custom code that uses the SDK, as this falls outside the plugin's scope.
Security vulnerabilities should be reported through Auth0's Responsible Disclosure Program, not through public issue trackers.
Sources: README.md183-216
The Auth0 WordPress plugin provides a single, stable extension point for custom development:
wpAuth0() to access the plugin singletongetSdk() to retrieve a configured Auth0-PHP SDK instanceThis approach ensures your custom code remains compatible across plugin updates while providing full access to Auth0's authentication and management capabilities.
Sources: README.md169-184 wpAuth0.php72-89
Refresh this wiki