Last indexed: 20 December 2025 (be493d)

Plugin API Reference

This page documents the public API surface of the Auth0 WordPress plugin, including the wpAuth0() helper function, the Plugin class and its methods, and recommended usage patterns for custom development.

Important: The plugin's internal APIs are not intended for direct extension or modification. For custom WordPress integrations requiring advanced Auth0 functionality, use the Auth0-PHP SDK directly. See Extending the Plugin for guidance on custom development approaches.

For information about WordPress hooks and filters registered by the plugin, see WordPress Hooks and Filters. For configuration options, see Configuration Options.

API Overview

The plugin exposes a minimal public API designed to provide access to a configured Auth0-PHP SDK instance. The API consists of:

wpAuth0() Function: A global helper function that returns the singleton Plugin instance
Plugin Class: The main plugin class with methods to access the SDK, configuration, and plugin state

Diagram: Public API Surface and Component Relationships

Sources: wpAuth0.php72-89 src/Plugin.php21-330 README.md169-184

The wpAuth0() Helper Function

The wpAuth0() function is a global helper that provides access to the plugin's singleton instance. This is the primary entry point for interacting with the plugin programmatically.

Function Signature

Parameters

All parameters are optional and primarily used for testing or advanced customization:

Parameter	Type	Description
`$plugin`	`?Auth0\WordPress\Plugin`	Optional existing Plugin instance to use
`$sdk`	`?Auth0\SDK\Auth0`	Optional existing SDK instance to inject
`$configuration`	`?Auth0\SDK\Configuration\SdkConfiguration`	Optional configuration object to inject

Return Value

Returns the singleton instance of Auth0\WordPress\Plugin.

Implementation Details

The function implements a singleton pattern using a static variable. On first call, it instantiates a new Plugin object (or uses the provided instance). Subsequent calls return the same instance, ensuring a single shared plugin state throughout the WordPress request lifecycle.

Diagram: wpAuth0() Singleton Pattern Flow

Usage Examples

Basic usage to access the SDK:

Check plugin state before using:

Access configuration:

Sources: wpAuth0.php72-89 README.md176-183

The Plugin Class

The Plugin class is the main plugin controller located at Auth0\WordPress\Plugin. It manages initialization, configuration, and provides access to the Auth0-PHP SDK.

Class Structure

Diagram: Plugin Class Structure and Dependencies

Sources: src/Plugin.php21-330

Public Methods Reference

getSdk()

Returns a configured instance of the Auth0-PHP SDK. This is the recommended method for accessing Auth0 functionality from custom code.

Signature:

Returns: Auth0\SDK\Auth0 - A fully configured SDK instance

Description: Returns a singleton instance of the Auth0-PHP SDK, configured with settings from the WordPress database (domain, client ID, client secret, etc.). The SDK instance is created on first access and reused for subsequent calls.

The returned SDK instance includes:

HTTP client configuration (PSR-18 compatible)
Session storage (cookies or PHP sessions)
Token caching (if configured)
All plugin configuration settings applied

Usage:

Implementation: The method uses lazy initialization. If no SDK instance exists, it creates one by calling new Auth0($this->getConfiguration()). The instance is stored in the private $auth0 property for reuse.

Sources: src/Plugin.php164-169 README.md176-184

getConfiguration()

Returns the SdkConfiguration object used to initialize the Auth0-PHP SDK.

Signature:

Returns: Auth0\SDK\Configuration\SdkConfiguration - The SDK configuration object

Description: Returns the configuration object that defines how the Auth0-PHP SDK behaves. The configuration is built from WordPress options stored in the database under the auth0_* option keys.

The configuration includes:

Domain and client credentials
Custom domain settings
Cookie/session storage settings
HTTP client factories (PSR-17/PSR-18)
API audiences and organizations
Token caching configuration

Configuration Source: The configuration is imported from WordPress options by the private importConfiguration() method, which reads from:

auth0_client - Domain, Client ID, Client Secret
auth0_client_advanced - Custom domain, audiences, organizations
auth0_cookies - Cookie settings (secret, domain, path, secure, samesite, ttl)
auth0_tokens - Caching configuration

Usage:

Sources: src/Plugin.php98-103 src/Plugin.php274-329

run()

Initializes the plugin by registering all action and filter classes with WordPress hooks.

Signature:

Returns: self - The Plugin instance for method chaining

Description: This method is called automatically during plugin bootstrap. It registers all action and filter classes defined in the plugin's internal constants ACTIONS and FILTERS. This includes:

AuthenticationActions - Handles login, logout, session management
ConfigurationActions - Manages admin UI and settings
SyncActions - Handles background synchronization
ToolsActions - Provides admin tools
UpdatesActions - Manages plugin updates
AuthenticationFilters - Applies WordPress filters for authentication

Note: This method is called automatically in wpAuth0.php70 and does not typically need to be called manually.

Diagram: Plugin Initialization Flow via run() Method

Sources: src/Plugin.php224-245 wpAuth0.php70

isEnabled()

Checks whether authentication is currently enabled in the plugin configuration.

Signature:

Returns: bool - true if authentication is enabled, false otherwise

Description: Returns true when the "Enable Authentication" option is set to enabled in the plugin settings. This corresponds to the auth0_state[enable] database option having a value of 'true'.

When disabled, the plugin will not intercept WordPress login flows or redirect users to Auth0 for authentication.

Usage:

Sources: src/Plugin.php174-177

isReady()

Checks whether the plugin has a minimum viable configuration to function.

Signature:

Returns: bool - true if the plugin is properly configured, false otherwise

Description: Validates that all required configuration values are present and non-empty:

Domain (Auth0 tenant domain)
Client ID
Client Secret
Cookie Secret

Returns false if any required field is missing or empty, or if configuration retrieval throws an exception.

This check is more comprehensive than isEnabled() - a plugin can be enabled but not ready if required fields are missing.

Usage:

Implementation Details: The method attempts to retrieve the SdkConfiguration object and validates each required field using methods like hasClientId(), hasClientSecret(), etc. Any exceptions during configuration retrieval result in a false return value.

Sources: src/Plugin.php182-219

Configuration Access Methods

The Plugin class provides utility methods to read configuration options from the WordPress database. While these methods are public, they are primarily used internally. For most use cases, accessing the SDK via getSdk() is preferred.

getOption()

Signature:

Retrieves a configuration option from WordPress options table. Returns the value if found, or the default value if not.

getOptionBoolean()

Signature:

Retrieves a boolean configuration option. Converts string values 'true' and '1' to true, all other values to false.

getOptionInteger()

Signature:

Retrieves an integer configuration option. Converts numeric strings to integers.

getOptionString()

Signature:

Retrieves a string configuration option. Returns null if not found or not a string.

Example Usage:

Sources: src/Plugin.php113-159

Internal Support Methods

The following methods are exposed as public but are intended for internal plugin use. They are not recommended for external use as their behavior may change between releases.

database()

Returns a singleton instance of the Database class used for custom table operations.

Signature:

Sources: src/Plugin.php61-70

actions()

Returns a singleton instance of the Hooks class configured for WordPress actions.

Signature:

Sources: src/Plugin.php47-56

filters()

Returns a singleton instance of the Hooks class configured for WordPress filters.

Signature:

Sources: src/Plugin.php75-84

getClassInstance()

Internal method for retrieving or instantiating action/filter classes.

Signature:

Sources: src/Plugin.php86-93

Usage Patterns and Examples

Basic SDK Access Pattern

The most common usage pattern is to retrieve the plugin instance, verify its state, and access the SDK:

Accessing User Information

Making Management API Calls

Checking Configuration Values

Sources: README.md169-184

API Stability and Support

Supported Public API

The following are considered the stable public API and will maintain backward compatibility within major versions:

wpAuth0() function
Plugin::getSdk() method
Plugin::getConfiguration() method
Plugin::isEnabled() method
Plugin::isReady() method

Unsupported Internal APIs

All other methods, classes, and functionality are considered internal implementation details and may change without notice. This includes:

Action classes (Authentication, Configuration, Sync, Tools, Updates)
Filter classes
Database class
Hooks class
Utility classes
Internal plugin methods

Do not:

Extend plugin classes
Override plugin methods
Directly instantiate plugin classes
Rely on internal class structures
Hook directly into internal methods

Recommended Approach for Custom Development

For custom WordPress development requiring Auth0 integration:

Use the Auth0-PHP SDK directly via wpAuth0()->getSdk() for all Auth0 interactions
Use WordPress hooks (see WordPress Hooks and Filters) to integrate with plugin events
Do not extend or modify plugin classes directly
For advanced integrations, consider using the Auth0-PHP SDK independently rather than extending the plugin

Diagram: Supported vs Unsupported API Usage Patterns

Sources: README.md14-15 README.md169-184

URL: https://deepwiki.com/auth0/wordpress/5.2-plugin-api-reference