Plugin / IndieAuth

IndieWebCamp WordPress Outreach Club

Changelog

Changelog

Project and support maintained on github at indieweb/wordpress-indieauth.

3.4.2

  • Repair issue with other flow caused by function name issue

3.4.1

  • Add setting to set the user who will be using the site URL as their URL as opposed to their author URL which removes dependency on Indieweb plugin for this.

3.4.0

  • Enforce unique URLs for user accounts
  • Add user url to user table
  • Redo association for URL to user account. At this time, only the root path and the author archive URLs are allowed as a return. Hoping to add more options in future
  • Add Site Health Check
  • Improve text and links for authorization failure

3.3.2

  • Add new diagnostic script that will nag you until you run it at least once
  • Add cache control headers on return from endpoint
  • Verifying the token at the token endpoint did not use REDIRECT_HTTP_AUTHORIZATION now added
  • Add header check to settings page
  • Add option to generate tokens on the backend with any scope
  • Add option to bulk expire tokens
  • Add cleanup option

3.3.1

  • Add definition of profile scope
  • Improve documentation in README

3.3

  • Switch to SHA256 hashing from built in salted hash used by WordPress passwords
  • Add PKCE Support

3.2

  • Only add headers to front page and author archive pages
  • Return basic profile data in returns so the client can display the name and avatar of the user

3.1.11

  • Fix issue with silent conversion when not array
  • Add client name and icon automatically on setting token

3.1.10

  • Fixed PHP notice with icon determination
  • Silently convert requests for the post scope to the create update scope
  • Update tagline

3.1.9

  • Fixed PHP warnings

3.1.8

  • When local verification is performed the code was not updating the profile URL and passing through the URL from the original request. This code was in the remote verification portion of the token endpoint and is now mirrored in the verify local code.

3.1.7

  • Add authdiag.php script written by @Zegnat

3.1.6

  • Add ability to generate a token on the backend
  • Added a test endpoint that tests whether the authentication provider for the REST API is working and tries to return useful errors

3.1.5

  • Add Client Information Discovery to search for names and icon for clients
  • Add icon and client name to Manage Token page
  • Add action to refresh icon and other information in the Manage Token interface

3.1.4

  • Rearrange token logic so that if a token is provided the system will fail if it is invalid
  • Add last accessed field to token and add that to token management table

3.1.3

  • Allow selection of scopes and add stock descriptions
  • Update Manage Token Page to use WP_List_Table

3.1.2

  • Fix issue with scope encoding
  • Fix issue where function returned differently than parent function

3.1.1

  • Fixed PHP error with version < PHP 5.4

3.1.0

  • Fixed state param handling

3.0.4

  • Fixed admin settings

3.0.3

  • Verify user ID directly from the token endpoint rather than mapping URL.
  • Display $me parameter instead of user_url on authenticate screen
  • Remove deprecated functions and parameters

3.0.2

  • Automatically rewrite local URLs to https if the local site is site to SSL

3.0.1

  • In previous version fixed issue where error message was not returned if there was a missing bearer token. This was needed due fact that some servers filter tokens. However, this meant that it would do this for all API requests, even ones not requiring authentication such as webmentions. Reverted change with flag
  • Added constant INDIEAUTH_TOKEN_ERROR which if set to true will return an error if it cannot find a token.

3.0.0

  • Major refactor to abstract out and improve token generation code
  • Set one cookie with the state instead of multiple cookies.
  • Store other parameters as a transient
  • Remove extra settings

2.1.1

  • Bug Fix

2.1.0

  • Refactor to change load order
  • Textual fix
  • Add defaults when core functions not yet enabled
  • Rework of the admin-interface

2.0.3

  • Add improved getallheaders polyfill
  • Check for missing cookie
  • Check for alternate authorization location

2.0.2

  • If using local endpoint verify token locally without making remote call
  • Add filters for scope and response so they can be accessed elsewhere
  • urlencode state as some encode information into state that was being lost
  • Switch from failure to warning message for different domains for redirect
  • Hide token endpoint management page if local endpoint not enabled

2.0.1

  • Improve error handling if null endpoint sent through
  • Adjust cookie to GMT
  • Add whitepace to form

2.0.0

  • Support author profiles in addition to user URLs
  • Change token verification method to match current Indieauth specification
  • Add support for token verification to act as a WordPress authentication mechanism.
  • Add ability to set any token or authorization endpoint
  • Add authorization and token endpoint headers to the site
  • Discover and use authorization endpoint for provided URL when logging in
  • Allow login using URL
  • Add built-in token endpoint ( props to @aaronpk for support on this )
  • Add built-in authorization endpoint ( props to @aaronpk for support on this )
  • Hide option to login with your domain by default
  • Option to sign into your domain is now a separate form
  • Automatically add trailing slash to user_url

1.1.3

  • update README

1.1.2

  • fixed redirect URL

1.1.1

  • WordPress coding style

1.1.0

  • fixed critical bug

1.0.0

  • initial

Ratings

5
4 reviews

Rating breakdown

Details Information

Version

3.4.2

First Released

13 Sep, 2013

Total Downloads

8,878

Wordpress Version

4.9.9 or higher

Tested up to:

5.2.4

Require PHP Version:

5.4 or higher

Tags

Contributors

Languages

The plugin hasn't been transalated in any language other than English.

DIRECTORY DISCLAIMER

The information provided in this THEME/PLUGIN DIRECTORY is made available for information purposes only, and intended to serve as a resource to enable visitors to select a relevant theme or plugin. wpSocket gives no warranty of any kind, express or implied with regard to the information, including without limitation any warranty that the particular theme or plugin that you select is qualified on your situation.

The information in the individual theme or plugin displayed in the Directory is provided by the owners and contributors themselves. wpSocket gives no warranty as to the accuracy of the information and will not be liable to you for any loss or damage suffered by you as a consequence of your reliance on the information.

Links to respective sites are offered to assist in accessing additional information. The links may be outdated or broken. Connect to outside sites at your own risk. The Theme/Plugin Directory does not endorse the content or accuracy of any listing or external website.

While information is made available, no guarantee is given that the details provided are correct, complete or up-to-date.

wpSocket is not related to the theme or plugin, and also not responsible and expressly disclaims all liability for, damages of any kind, arising out of the use, reference to, or reliance on, any information or business listed throughout our site.

Keep Leading Your Followers!
Share it for them.