forked from AuthentiqID/wordpress-authentiq
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README.txt
executable file
·142 lines (83 loc) · 6.57 KB
/
README.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
=== Authentiq ===
Contributors: authentiq, stannie, ziogaschr
Tags: passwordless, two-factor, two factor, 2 step authentication, 2 factor, 2FA, admin, ios, android, authentication, encryption, harden, iphone, log in, login, mfa, mobile, multifactor, multi factor, oauth, password, passwords, phone, secure, security, smartphone, single sign on, ssl, sso, strong authentication, tfa, two factor authentication, two step, wp-admin, wp-login, xmlrpc, xml-rpc, clef
Requires at least: 4.6
Tested up to: 5.0
Stable tag: 1.0.5
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
Sign in (and sign up) to WordPress sites using the Authentiq ID app. Strong authentication, without the passwords.
== Description ==
The [Authentiq](https://www.authentiq.com/) plugin allows users to simply use their phone to authenticate to your WordPress site, share their identity details safely, and sign out again remotely.
This plugin is for admins that are interested in moving beyond username and password, and do not want to burden their users with typing one time codes from SMS or authenticators or other methods that harm the user experience.
The [Authentiq](https://www.authentiq.com/) service is free (for most use cases) and does not store any user data centrally, but in the Authentiq ID app on the user's phone instead.
Features:
* Use Authentiq as a convenience sign in (and sign up) method, or as a secure sign in method.
* In the latter case, replacing one time passwords (TOTP) or hardware tokens, option to still accept accounts with classic username & password.
* On every sign in, the profile information is explicitly shared by the Authentiq ID app and updated in the WordPress profile, thus keeping it up to date on every sign in.
* Visitors to your site that already have the Authentiq ID app installed can simply sign up by scanning a QR code or typing their email address and confirm on their phone.
* Block users by (verified) email domain, or limit to specific domains.
* Optionally request social accounts, address, and (verified) phone numbers too.
* Remote sign out: your users can sign out with their Authentiq ID app, even when they left their session signed in on another computer.
* Existing users can activate Authentiq in their profile page for convenience or additional security.
You can check our [demo site](https://wordpress.demos.authentiq.io/).
= Widget =
You can have an Authentiq sign in button in any widgetized area / sidebar:
1. Go to 'WordPress Dashboard > Appearance > Widgets'.
2. Drag and drop the "Authentiq" widget into any widgetized area / sidebar.
3. Configure settings on the widget and click save.
Place and configure as many Authentiq widgets as you want.
= Shortcodes =
The plugin can be placed anywhere in your site using WordPress shortcodes.
The shortcode is `[authentiq_login_button]`.
Additionally you can set some extra parameters, which are:
* **sign_in_text**: Text shown in Authentiq button, when user **is not** signed in, in order to sign in.
* **linking_text**: Text shown in Authentiq button, when user **is** signed in, but is not linked with Authentiq yet, in order to link the user account.
* **sign_out_text**: Text shown in Authentiq button, when user **is** signed in and linked with Authentiq, in order to sign out.
* **color_scheme**: Authentiq button color scheme. Use a number from 0: default, 1: purple, 2: orange, 3: grey, 4: white.
Example use: `[authentiq_login_button sign_in_text="Login" linking_text="Link your account" sign_out_text="Logout" color_scheme=1]`.
You can even place the [shortcode in your template files](http://docs.getshortcodes.com/article/52-using-of-shortcodes-in-template-files).
== Installation ==
= Automatic installation =
Log in to your WordPress dashboard, navigate to the Plugins menu and click Add New.
In the search field type 'Authentiq' and click Search Plugins, once you find it, you can install it by simply clicking 'Install Now'.
= Manual installation =
The manual installation method involves downloading the Authentiq plugin and uploading it to your webserver via your favorite FTP application. The WordPress codex contains [instructions on how to do this here](https://codex.wordpress.org/Managing_Plugins#Manual_Plugin_Installation).
== Frequently Asked Questions ==
= How a user can link her account with Authentiq =
There are two flows for this.
1. She signs in using the Authentiq ID App, using the same email as her current WordPress user.
2. She signs in at the site using WordPress Username & Password, and then links her account with Authentiq, either using a widget or shortcode button, or by visiting her profile.
= How can I see extra user info send by Authentiq ID =
You can simply visit the user’s profile page.
= If I disable WordPress Username & Password, how a user can get back access if lost? =
When this happens, the WordPress site admin visits the user profile from the WordPress Dashboard, and click the "unlink" button in the Authentiq section.
= Is WooCommerce supported? =
Yes, WooCommerce checkout and account pages are supported. In case "Address" and "Phone number" have been opted-in in Authentiq plugin settings page, they will be pre-filled for the user during checkout.
= What if I am already using "WordPress Social Login" (WSL) plugin, for Authentiq =
Simply disable Authentiq within the WSL plugin (or the WSL plugin as a whole). Make sure you configure the redirect url correctly and add a backchannel redirect url in the Authentiq dashboard as prompted in the plugins page. Your users will be able to sign in with Authentiq right away.
== Screenshots ==
1. Authentiq widget added in the sidebar.
2. Authentiq button in the WordPress login area.
3. Authentiq additional information in the user profile page.
4. Authentiq plugin admin page.
5. Authentiq widget configuration in the WordPress Dashboard.
6. Adding Authentiq Shortcode in a post.
== Changelog ==
= 1.0.5 - 2018-05-20 =
* Feature - Add layout settings.
* Feature - Add button color scheme settings.
* Feature - Add GDPR Compliance.
= 1.0.4 - 2018-04-25 =
* Tweak - OAuth2 `state` parameter stored as session cookie. Fixes Issue #1.
= 1.0.3 - 2017-12-17 =
* Feature - Stop updating username and display_name on sub-sequent signins.
* Feature - Add settings for defining a specific redirect URL after signin.
= 1.0.2 - 2017-11-25 =
* Feature - Add `authentiq_pre_insert_user_data` filter.
* Feature - Add `authentiq_redirect_to_after_signin` filter.
= 1.0.1 - 2017-11-14 =
* Tweak - Support WordPress 4.9.
* Tweak - Make the Authentiq button in frontend a bit smaller.
= 1.0.0 - 2017-10-29 =
* Initial public release.