axewp / wp-graphql-headless-login

A WordPress plugin that provides Headless login and authentication for WPGraphQL, supporting traditional passwords, OAuth2/OpenID Connect, JWT, and more.

License: GNU General Public License v3.0

JavaScript 0.36% PHP 95.28% Shell 1.37% Dockerfile 0.38% TypeScript 2.40% SCSS 0.21%
graphql headless headless-wordpress jwt login oauth2 sso wordpress wordpress-plugin wp-graphql wp-plugin wpgraphql wpgraphql-plugin authentication openid-connect hacktoberfest hacktoberfest2023

wp-graphql-headless-login's Introduction

Headless Login for WPGraphQL

A WordPress plugin that provides headless login and authentication for WPGraphQL, supporting traditional passwords, OAuth2/OpenID Connect, JWT, and more.


Description

Headless Login for WPGraphQL is a flexible and extensible plugin that allows headless WordPress sites to login and authenticate users via WPGraphQL using a variety of authentication methods, including traditional WordPress credentials (username/password), OAuth 2.0 / OpenID Connect, JSON Web Tokens (JWT), and more.

This plugin is inspired by and aims to replace WPGraphQL JWT Authentication as a more powerful, comprehensive, and flexible authentication solution for Headless WP.

System Requirements

  • PHP 7.4-8.2+
  • WordPress 6.0+
  • WPGraphQL 1.14.0+

Quick Install

  1. Install & activate WPGraphQL.
  2. Download the latest release .zip file, upload it to your WordPress install, and activate the plugin.
  3. Enable and configure the authentication providers you want to use in GraphQL > Settings > Headless Login.

With Composer

composer require axepress/wp-graphql-headless-login

Updating and Versioning

Until we hit v1.0, we're using a modified version of SemVer, where:

  • v0.x: "Major" releases. These releases introduce new features, and may contain breaking changes to either the PHP API or the GraphQL schema
  • v0.x.y: "Minor" releases. These releases introduce new features and enhancements and address bugs. They do not contain breaking changes.
  • v0.x.y.z: "Patch" releases. These releases are reserved for addressing issues with the previous release only.

Development and Support

Development of Headless Login for WPGraphQL is provided by AxePress Development. Community contributions are welcome and encouraged.

Basic support is provided for free, both in this repo and in WPGraphQL Slack.

Priority support and custom development are available to our Sponsors.

Supported Features

The following functionality is currently supported:

Usage

Getting Started (🎯 You are here!)

Core Concepts

Reference

Recipes:

Testing

  1. Update your .env file to your testing environment specifications.
  2. Run composer install to get the dev-dependencies.
  3. Run composer install-test-env to create the test environment.
  4. Run your test suite with Codeception. E.g. vendor/bin/codecept run wpunit will run all WPUnit tests.

wp-graphql-headless-login's People

Contributors

arkdouglas, imjlk, jasonbahl, justlevine, kidunot89

wp-graphql-headless-login's Issues

Feature Request: Support for Apple Authentication

What problem does this address?

The lack of Apple authentication in the wp-graphql-headless-login plugin means users with Apple IDs cannot log in using their preferred method.

What is your proposed solution?

N/A

What alternatives have you considered?

N/A

Additional Context

N/A

Allow-Access-Control-Credentials header cannot be set.

Description

There's no option to set the Allow-Access-Control-Credentials header in the advanced settings. The custom fields are appended as a list under another header.

WPGRAPHQL_CORS has a checkbox for this, but there's a note in this plugin that says it's incompatible.

Steps to reproduce

  1. Enable the headless login plugin
  2. Attempt to authenticate with a site that requires Allow-Access-Control-Credentials header

Additional context

No response

Plugin Version

1.0..0

WordPress Version

6.2

WPGraphQL Version

1.14.3

Additional environmental details

No response

Please confirm that you have searched existing issues in the repo.

  • Yes

Please confirm that you have disabled ALL plugins except for WPGraphQL and Headless Login for WPGraphQL

  • Yes
  • My issue is with a specific 3rd-party plugin.

Admin Field: Additional Domains help text is not shown correctly

Description

Screenshot 2024-08-05 at 19 30 02

'additionalAuthorizedDomains' should display the help text from here

Steps to reproduce

Expand the additional settings and see the help text for additional domains.
The help text should display:
Domains added here will also be included in the Access-Control-Allow-Origin header. Make sure to include the protocol (http:// or https://).

Instead says: Separate with commas, spaces, or the Enter key.

Additional context

No response

Plugin Version

0.3

WordPress Version

6.6.1

WPGraphQL Version

1.27.2

Additional environmental details

No response

Please confirm that you have searched existing issues in the repo.

  • Yes

Please confirm that you have disabled ALL plugins except for WPGraphQL and Headless Login for WPGraphQL

  • Yes
  • My issue is with a specific 3rd-party plugin.

Fully-implement Typescript for plugin settings

What problem does this address?

Currently, the Plugin Settings screen uses Typescript files to add a bit of extra type-safe linting, but it's not implemented fully.

With the current state of WP's javascript eschewing traditional back-compat, and since using React for plugin settings is still a fairly uncommon pattern, the more type-safety to easily detect a break, the better.

What is your proposed solution?

All JS files should use Typescript, and ts linting should be added to the CI workflow.

What alternatives have you considered?

No response

Additional Context

No response

Add SAML support

What problem does this address?

SAML is a popular authentication method - especially in the enterprise space. We should support it.

What is your proposed solution?

Create a new ProviderConfig that implements onelogin/php-saml.

What alternatives have you considered?

There are a few other SAML libraries for PHP, but onelogin's is by far the standard.

Additional Context

No response

Generic Oauth2 can not be enabled

Description

Hello! I am trying to set up Discord Oauth2 with the generic Oauth2 provider. However I get the error message
"debugMessage": "Provider generic-oauth2 is not enabled."

I can see in my database that the isEnabled property is correct for the provider, and based on what I'm seeing in the ProviderRegistry.php file I would be receiving another message if there was an error in the config.

Steps to reproduce

Run a generic Oauth2 login mutation

mutation discordAuth($code: String = "xxx") {
  login(
    input: {provider: GENERIC_OAUTH2, oauthResponse: {code: $code, state: ""}}
  ) {
    authToken
  }
}

Additional context

No response

Plugin Version

0.0.7

WordPress Version

Version 6.2

WPGraphQL Version

1.14.0

Additional environmental details

No response

Please confirm that you have searched existing issues in the repo.

  • Yes

Please confirm that you have disabled ALL plugins except for WPGraphQL and Headless Login for WPGraphQL

  • Yes
  • My issue is with a specific 3rd-party plugin.

Fatal error on activation

Description

I caught a fatal error when trying to install the plugin.

Steps to reproduce

  1. Install & activate WPGraphQL.
  2. Download the 0.1.4 release .zip file, upload it to your WordPress install, and try to activate the plugin.

Additional context

Plugin could not be activated because it triggered a fatal error.

Warning: require(/var/www/html/wp-content/plugins/wp-graphql-headless-login-0.1.4/vendor/composer/../ralouphie/getallheaders/src/getallheaders.php): Failed to open stream: No such file or directory in /var/www/html/wp-content/plugins/wp-graphql-headless-login-0.1.4/vendor/composer/autoload_real.php on line 41

Fatal error: Uncaught Error: Failed opening required '/var/www/html/wp-content/plugins/wp-graphql-headless-login-0.1.4/vendor/composer/../ralouphie/getallheaders/src/getallheaders.php' (include_path='.:/usr/local/lib/php') in /var/www/html/wp-content/plugins/wp-graphql-headless-login-0.1.4/vendor/composer/autoload_real.php:41
Stack trace:
#0 /var/www/html/wp-content/plugins/wp-graphql-headless-login-0.1.4/vendor/composer/autoload_real.php(45): ComposerAutoloaderInite3dd5adcad35e0c0a990ad87f09c52a0::{closure}('7b11c4dc42b3b30...', '/var/www/html/w...')
#1 /var/www/html/wp-content/plugins/wp-graphql-headless-login-0.1.4/vendor/autoload.php(25): ComposerAutoloaderInite3dd5adcad35e0c0a990ad87f09c52a0::getLoader()
#2 /var/www/html/wp-content/plugins/wp-graphql-headless-login-0.1.4/src/Autoloader.php(33): require_once('/var/www/html/w...')
#3 /var/www/html/wp-content/plugins/wp-graphql-headless-login-0.1.4/wp-graphql-headless-login.php(34): WPGraphQL\Login\Autoloader::autoload()
#4 /var/www/html/wp-admin/includes/plugin.php(2314): include_once('/var/www/html/w...')
#5 /var/www/html/wp-admin/plugins.php(192): plugin_sandbox_scrape('wp-graphql-head...')
#6 {main}
  thrown in /var/www/html/wp-content/plugins/wp-graphql-headless-login-0.1.4/vendor/composer/autoload_real.php on line 41

Plugin Version

0.1.4

WordPress Version

6.2.2

WPGraphQL Version

1.19.0

Additional environmental details

docker-compose.yaml:

version: '3.8'
services:
  wordpress:
    image: wordpress:6.2.2
    restart: always
    ports:
      - "8000:80"
    environment:
      ENVIRONMENT: ${ENVIRONMENT}
      WORDPRESS_DB_HOST: ${WORDPRESS_DB_HOST}
      WORDPRESS_DB_NAME: ${WORDPRESS_DB_NAME}
      WORDPRESS_DB_USER: ${WORDPRESS_DB_USER}
      WORDPRESS_DB_PASSWORD: ${WORDPRESS_DB_PASSWORD}
      WORDPRESS_DEBUG: true
      DRAFT_SECRET: ${DRAFT_SECRET}
      DRAFT_COOKIE_LIVE_TIME_S: ${DRAFT_COOKIE_LIVE_TIME_S}
      GRAPHQL_JWT_AUTH_SECRET_KEY: ${GRAPHQL_JWT_AUTH_SECRET_KEY}
    volumes:
      - ./wp-content:/var/www/html/wp-content
    depends_on:
      - db
    networks:
      - my_network
  db:
    image: mysql:5.7
    restart: always
    ports:
      - "3306:3306"
    environment:
      MYSQL_DATABASE: ${WORDPRESS_DB_NAME}
      MYSQL_USER: ${WORDPRESS_DB_USER}
      MYSQL_PASSWORD: ${WORDPRESS_DB_PASSWORD}
      MYSQL_RANDOM_ROOT_PASSWORD: ${MYSQL_RANDOM_ROOT_PASSWORD}
    volumes:
      - db_data:/var/lib/mysql
    networks:
      - my_network
networks:
  my_network:
volumes:
  db_data:

Please confirm that you have searched existing issues in the repo.

  • Yes

Please confirm that you have disabled ALL plugins except for WPGraphQL and Headless Login for WPGraphQL

  • Yes
  • My issue is with a specific 3rd-party plugin.

Settings not loading and JavaScript errors when `site_url` and `home_url` are on different domains

Description

I am experiencing an issue with the Headless Login Settings addon. Despite trying different versions and disabling other addons, the Headless Login Settings are not loading properly. I have attached screenshots for reference.

Additionally, whenever I click on any button, I encounter JavaScript errors, as shown in the screenshots.

Steps to reproduce

  1. Install Headless Login Settings addon.
  2. Change the site url to the frontend url, making it different from the WordPress address url.
  3. Attempt to access the settings page.
  4. Click on any button. Nothing changes, and the "Please wait while the settings are loaded" message never changes.

Additional context

The Headless Login Settings should load without any issues, and clicking on buttons should not result in JavaScript errors.

Plugin Version

0.1.4. Installed via the zip via the GitHub release page (tried the last 5 releases, it's the same)

WordPress Version

6.3.2

WPGraphQL Version

1.17.0

Additional environmental details

Site Language | en_US
User Language | en_US
Timezone | +00:00
Home URL | https://frontendurl
Site URL | https://wordpressinstallurl
Permalink structure | /%postname%/
Is this site using HTTPS? | Yes
Is this a multisite? | No
Can anyone register on this site? | Yes
Is this site discouraging search engines? | No
Default comment status | Open
Environment type | production
User count | 4
Communication with WordPress.org | WordPress.org is reachable

Headless Login for WPGraphQL | Version 0.1.4 by AxePress | Auto-updates disabled
WPGraphQL | Version 1.17.0 by WPGraphQL | Auto-updates disabled

Server architecture | Unable to determine server architecture

Web server | nginx/1.22.1
PHP version | 8.0.25 (Supports 64bit values)
PHP SAPI | fpm-fcgi
PHP max input variables | 5000
PHP time limit | 300
PHP memory limit | 1073741824
Max input time | 60
Upload max filesize | 512M
PHP post max size | 512M
cURL version | 7.83.1 OpenSSL/1.1.1s
Is SUHOSIN installed? | No
Is the Imagick library available? | Yes
Are pretty permalinks supported? | Yes
Current time | 2023-10-29T15:33:39+00:00
Current UTC time | Sunday, 29-Oct-23 15:33:39 UTC
Current Server time | 2023-10-29T15:33:38+00:00

Please confirm that you have searched existing issues in the repo.

  • Yes

Please confirm that you have disabled ALL plugins except for WPGraphQL and Headless Login for WPGraphQL

  • Yes
  • My issue is with a specific 3rd-party plugin.

Add support for setting WP login cookies

What problem does this address?

Currently, users need to authenticate separately on WP and the frontend. This makes admin preview flows more annoying, as well as complicates the current recommended wp-graphql-woocommerce checkout approach which suggests using the server checkout over manually registering GraphQL support for payment gateways.

What is your proposed solution?

Add the ability to generate WP Login cookies when authenticating, with a corresponding toggle in the plugin settings.

What alternatives have you considered?

No response

Additional Context

https://mikejolley.com/2021/03/02/headless-wordpress-cookie-based-login-using-graphql/

https://developers.wpengine.com/blog/headless-wordpress-authentication-native-cookies

Document how to bind to `next-auth` / `authjs` ?

What problem does this address?

I want my WooCommerce users to connect to my application using NextAuth through my WordPress.

What is your proposed solution?

I used Generic OAuth2 using Auth0. But in development mode it's a nightmare.

What alternatives have you considered?

I want to use site token but there's no doc for that

Additional Context

No response

SetCookie Header didn't specify a "SameSite" attribute - Set Authentication Cookie Option

Description

Hi,

I have created a simple React App (running on http://localhost:5173) that fetches data through WPGraphql.
I have installed wp-graphql-headless-login in order to get Social login features (Google and Facebook).

I am in the process of configuring the Google auth and I would like the wp-headless-login plugin to set the wp authentication cookie automatically on login success.

I am now able to login and create the logged in user automatically in WordPress.
The problem I am facing is that the wp auth cookie does not get set because it is lacking the SameSite attribute.
I can see that the request tries to set the wp auth cookie but it does not get set.

Here is a screenshot:

Screenshot 2023-12-21 at 18 28 21

There is no way for me within the plugin to change the SameSite attribute to none?

Here is my plugin configuration:

Screenshot 2023-12-21 at 18 30 00.

Steps to reproduce

  1. Install the plugin
  2. Add a Google provider along with CLIENT ID and CLIENT SECRET.
  3. In the plugin Login Settings TURN ON all settings.
  4. In the plugin Access Control Settings TURN ON Block unauthorized domains and Add ACAC.
  5. Set the locally running react frontend url in the authorized domains.

Additional context

No response

Plugin Version

0.1.4

WordPress Version

6.4.2

WPGraphQL Version

1.19.0

Additional environmental details

No response

Please confirm that you have searched existing issues in the repo.

  • Yes

Please confirm that you have disabled ALL plugins except for WPGraphQL and Headless Login for WPGraphQL

  • Yes
  • My issue is with a specific 3rd-party plugin.
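
Added example (not part of the issue above or of the plugin's code): a JavaScript check of the two conditions raised in the issues on this page for a credentialed cross-site login request, namely the CORS response headers and the cookie's SameSite attribute. It assumes the frontend and the WordPress site are on different sites and a browser that treats a cookie without SameSite as Lax; the function names, cookie name and header values are constructed for illustration, and the credentials header is written with its standard name, Access-Control-Allow-Credentials.

```javascript
// Parse one Set-Cookie header value into { name, attrs }; attribute names are lowercased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eqPos = pair.indexOf('=');
  const name = eqPos === -1 ? pair : pair.slice(0, eqPos);
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const eq = part.indexOf('=');
    const key = (eq === -1 ? part : part.slice(0, eq)).toLowerCase();
    attrs[key] = eq === -1 ? true : part.slice(eq + 1);
  }
  return { name, attrs };
}

// List the reasons a browser would block a credentialed cross-site response
// or refuse to store one of its cookies. An empty list means no problem found.
function auditCredentialedResponse(pageOrigin, responseHeaders, setCookies) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const problems = [];

  const acao = h['access-control-allow-origin'];
  if (acao === '*') {
    problems.push('Access-Control-Allow-Origin "*" is not accepted with credentials');
  } else if (acao !== pageOrigin) {
    // The value must be the exact origin: protocol, host and port.
    problems.push(`Access-Control-Allow-Origin "${acao}" is not the page origin "${pageOrigin}"`);
  }
  if (h['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials is not "true"');
  }

  for (const raw of setCookies) {
    const { name, attrs } = parseSetCookie(raw);
    const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;
    if (sameSite === null) {
      problems.push(`${name}: no SameSite attribute, treated as Lax and not stored from a cross-site response`);
    } else if (sameSite !== 'none') {
      problems.push(`${name}: SameSite=${attrs.samesite} is not stored from a cross-site response`);
    } else if (!attrs.secure) {
      problems.push(`${name}: SameSite=None requires the Secure attribute`);
    }
  }
  return problems;
}

// Constructed sample data: a frontend origin and two login responses.
const PAGE_ORIGIN = 'http://localhost:5173';
const BROKEN = {
  headers: { 'Access-Control-Allow-Origin': 'localhost:5173', 'Access-Control-Allow-Credentials': 'true' },
  cookies: ['wp_auth_example=abc; Path=/; HttpOnly'],
};
const FIXED = {
  headers: { 'Access-Control-Allow-Origin': PAGE_ORIGIN, 'Access-Control-Allow-Credentials': 'true' },
  cookies: ['wp_auth_example=abc; Path=/; HttpOnly; Secure; SameSite=None'],
};

for (const [label, r] of Object.entries({ BROKEN, FIXED })) {
  console.log(label, auditCredentialedResponse(PAGE_ORIGIN, r.headers, r.cookies));
}
```
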

External provider integration

Description

Trying to integrate an external provider (TheNetworg\OAuth2\Client\Provider\Azure), I receive the error "The provider class must extend AbstractProvider".

It appears to be because OAuth2Config is expecting AbstractProvider to be in the WPGraphQL\Login\Vendor\League\OAuth2\Client\Provider namespace, rather than \League\OAuth2\Client\Provider, since it's been prefixed with Strauss.

I did not get the same error when testing the example here, but it's a bit beyond my ken at the moment to say why that's different (perhaps since it's already a dependency?)

I guess #96 (comment) is a similar report.

Steps to reproduce

Implement skeleton config like

<?php

namespace App\GraphQL\OAuthProviderConfig;

use TheNetworg\OAuth2\Client\Provider\Azure;

class AzureProviderConfig extends
	\WPGraphQL\Login\Auth\ProviderConfig\OAuth2\OAuth2Config
{
	public function __construct()
	{
		parent::__construct(Azure::class);
	}

	public static function get_name(): string
	{
		return __('Azure', 'wp-graphql-login');
	}

	public static function get_slug(): string
	{
		return 'azure';
	}

	protected static function client_options_schema(): array
	{
		return [];
	}

	public static function client_options_fields(): array
	{
		return [];
	}

	public function get_user_data(array $owner_details): array
	{
		return [];
	}

	protected function get_options(array $settings): array
	{
		return [];
	}
}
add_filter('graphql_login_registered_provider_configs', function (
	array $provider_configs
) {
	// Give the provider a unique slug, and pass the ProviderConfig class name.
	$provider_configs['azure'] =
		\App\GraphQL\OAuthProviderConfig\AzureProviderConfig::class;

	return $provider_configs;
});

Additional context

No response

Plugin Version

0.1.4

WordPress Version

6.4.2

WPGraphQL Version

1.19.0

Additional environmental details

No response

Please confirm that you have searched existing issues in the repo.

  • Yes

Please confirm that you have disabled ALL plugins except for WPGraphQL and Headless Login for WPGraphQL

  • Yes
  • My issue is with a specific 3rd-party plugin.

0.0.9 breaks the "ADDITIONAL AUTHORIZED DOMAINS" form field

Description

Upgrading to 0.0.9 renders the form field for "additional authorized domains" in the provider settings unusable - any input fields do not display, when a new host is input it disappears.

Steps to reproduce

  1. Install 0.0.9
  2. Go to graphql > settings > headless login
  3. Scroll down to "Access Control Settings"
  4. Attempt to utilize the "Additional authorized domains" field

Additional context

No response

Plugin Version

0.0.9

WordPress Version

6.2

WPGraphQL Version

1.14.0

Additional environmental details

No response

Please confirm that you have searched existing issues in the repo.

  • Yes

Please confirm that you have disabled ALL plugins except for WPGraphQL and Headless Login for WPGraphQL

  • Yes
  • My issue is with a specific 3rd-party plugin.

Add E2E and acceptance tests for settings

What problem does this address?

Gutenberg likes to break things, but we need to make sure updates don't break any functionality or extensibility.

What is your proposed solution?

We should implement codecept acceptance tests and Playwright e2e tests to ensure a stable backend.

What alternatives have you considered?

No response

Additional Context

Inspiration: WordPress/gutenberg#38851
