Skip to content

Latest commit

 

History

History
1094 lines (853 loc) · 91.1 KB

CHANGELOG.md

File metadata and controls

1094 lines (853 loc) · 91.1 KB

Change Log

4.1.1 (2020-10-21)

Full Changelog

Fixed

4.1.0 (2020-05-21)

Full Changelog

Closed issues

  • With a custom domain, JWKs aren't being fetched from the correct domain #790

Changed

Fixed

4.0.0 (2020-03-31)

Full Changelog

This is a major release with breaking changes!

In addition to the minimum PHP version being updated from 5.3 to 7.0, there are many breaking removals and changes that are covered in the migration guide included in this release.

Closed issues

  • pt-BR language is not being installed #760
  • Authorization Extension, groups, roles not showing up #701
  • Using the auth0 word in the URL path triggers an authorization code exchange #351

Added

  • PHPCS security scan, sanitization and escaping improvements, and removed custom admin styling (see commits for details)
  • Add settings validation to import #777 (joshcanhelp)
  • Add ability to break cache if RS256 ID token kid is not found #770 (joshcanhelp)
  • Remove error_log calls and add auth0_insert_error action #763 (joshcanhelp)
  • Get new access token via refresh token API #730 (albeja)
  • feature/Adding Brazilian Portuguese translations #729 (niugait)
  • Add wpa0_user_data filter before creating WP_User #717 (horike37)
  • Add check for GET and POST globals for state validation #707 (joshcanhelp)

Changed

Removed

Fixed

3.11.3 (2020-01-30)

Full Changelog

Closed issues

  • wle parameter allows for possible XSS attack #767

Security

  • Fix potential XSS on wp-login.php override page #768 (kinabalu)

3.11.2 (2020-01-17)

Full Changelog

Fixed

3.11.1 (2019-08-05)

Full Changelog

Fixed

3.11.0 (2019-05-30)

Full Changelog

Notes on this release

  • Lock was updated from 11.15 to 11.16. The option to display social connections in small styled buttons is no longer available due to branding compliance reasons with third party identity providers. All the social connections will now be displayed as large styled buttons.
  • New installs using user migration will now have a namespaced user ID returned to Auth0 on first login. If you have or plan on having multiple custom databases, please see the User Migration documentation for more information. New installs will also use configuration variables instead of hard-coded values for the URL, migration token, and user namespace.
  • The WordPress core login override has been refactored to improve the user experience and overall security.
  • Added more complete ID token validation during login.
  • Sites using VIP Go are now able to use MFA.
  • Fixed a bug that prevented sites using user migration from changing the WordPress user's email.

Closed issues

  • WordPress.com VIP Go MFA incompatibility #687

Added

Changed

Deprecated

Fixed

Security

3.10.0 (2019-04-18)

Full Changelog

Notes on this release

  • The "Single Sign-On" setting has been deprecated and will be removed in the next major release. This setting is used to attempt SSO on the wp-login.php. To use SSO going forward, please activate the "Universal Login Page" setting in the Features tab of the plugin settings. If you are already using the Universal Login Page on your site then expect no changes in functionality.
  • The "Single Logout" functionality has been changed. This setting now logs users out of Auth0 automatically when they log out of WordPress. It no longer logs users out of WordPress automatically if they have already been logged out of Auth0.
  • The default Lock version has been updated from 11.5 to 11.15. If you have never changed the Lock URL, this update will be automatic for this and future releases. If you have updated the Lock URL in the past, your custom URL has been retained. We recommend using the latest tested version of Lock, which can be done by turning the "Use Custom Lock JS URL" option off on the Advanced tab of the plugin settings. Please see the Lock changelog (v11.6.0 to v11.15.0) for information on changes to the embedded login form.
  • Core WordPress login form display handling has been changed to improve security and maintainability. Please review the "Original Login Form on wp-login.php" option on the Basic tab of the plugin settings to make sure this is set properly for your site.
  • Site administrators can now rotate the migration token in the Advanced tab of the plugin settings. This change will occur right after confirmation and must be updated in the database Connection immediately. Please see our documentation page on User Migration for more information about configuring and troubleshooting this feature.
  • The "API Token" field in the Basic tab of the plugin settings has been removed. All Management API functionality now uses a Client Credentials grant, which is set up automatically when you run the Setup Wizard. The only scopes required for the plugin are now read:users and update:users. Configuration steps for this can be found here but if your site is already working as expected currently then no action is required for this update to function but any additional scopes for your WordPress application should be removed from the Management API at some point.
  • The "Password Policy" setting on the Features tab has been removed. This setting must be managed in the settings for the database Connection being used going forward. No changes were made to the connection, just the ability to manage it in WordPress.
  • The "Multifactor Authentication (MFA)" switch on the Features tab has been removed. This setting must be managed in the Auth0 dashboard going forward. No changes were made to how this works, just the ability to manage it in WordPress.
  • The "FullContact," "Store Geolocation", and "Store Zipcode Income" settings on the Features tab have been removed. These settings must be managed in Rules going forward. No changes were made to how these features work, just the ability to manage them in WordPress.
  • The "Custom CSS" and "Custom JS" fields on the Appearance tab have been deprecated. If you already have CSS and/or JS stored, the setting will continue to work until the next major release. If not, these fields have been removed. Custom styles and scripts should be loaded in an external file using the instructions here.
  • The "Link Users with Same Email" setting on the Advanced tab has been removed. This functionality must be managed in the Auth0 dashboard going forward. More information on this feature can be found here. No changes were made to how this works, just the ability to manage it in WordPress.
  • The Delete MFA Data control on the User Profile has been removed. Please use the Auth0 Dashboard to manage MFA for users.
  • An Auth0 login form (or link to login) will now appear on the WooCommerce Checkout page for sites that allow or require an account to check out.
  • The connection with the WP JWT Auth plugin has been deprecated and will be removed in the next major.

Notes for developers

  • A wp_auth0_get_option() function has been added to get an option value. Please use this going forward instead of WP_Auth0_Options::Instance()->get().
  • As mentioned above, a Management API token can no longer be provided manually (except in the Setup Wizard). The token is now obtained automatically using a Client Credentials grant and stored in a transient along with the allowed scopes. You can get the existing token with WP_Auth0_Api_Client_Credentials::get_stored_token() and check for necessary scopes with WP_Auth0_Api_Client_Credentials::check_stored_scope(). If you need to get a new token, use \WP_Auth0_Api_Client_Credentials::call().
  • If you are using any of the WP_Auth_* classes in a custom plugin or theme, please note that there have been many deprecations in the last several releases. All deprecated classes, methods, and functions will be removed in the next major release so please review your custom code and make the appropriate changes.
  • The auth0_sso_auth0js_url filter has been added that lets you override the default CDN URL for Auth0.js when doing an SSO check on the wp-login.php page.
  • The auth0_coo_auth0js_url filter has been added that lets you override the default CDN URL for Auth0.js when loading the COO fallback page.
  • The auth0_slo_return_to filter has been added that lets you override the default returnTo URL when logging out of Auth0.

Closed issues

  • # with OTP MFA doesn't work unless "Remember this browser" is enabled #667
  • WP_Auth0_Routes::migration_ws_login, 401 Invalid Credentials #633
  • OpenSSL error in WP_Auth0_Api_Client_Credentials::call #631
  • 1Password Compatibility #627
  • User Migration set as PHP constant causes token to not be generated #620

Added

Changed

Deprecated

Removed

Fixed

3.9.0 (2019-01-11)

Full Changelog

Notes on this release

  • Added a complete Spanish translation!
  • Email changes for WordPress users now work properly and are rejected clearly if Auth0 rejects the change. This does not affect the email verification process in WordPress; the email is changed only after the verification happens. A current API token is not required but your Application does need to allow for a Client Credentials grant with the Management API (this configured for you by default, more information here).
  • Sibling sub-domains are now allowed for the Login Redirect URL. Anything within the same domain name as the site URL can now be saved.
  • Default Auth0 IP addresses are now allowed by default on the user migration endpoints. Adding or changing the IP addresses for the "Migration IPs Whitelist" field will not affect default IPs.
  • User migration endpoints were improved to provide better errors when requests are rejected and more clear custom database scripts that can be used as an example when setting up the migration manually. Switching this setting on or off does not make any changes in the Auth0 dashboard or to the existing token, it only makes the endpoints available or not.
  • The Social Amplificator functionality has been removed.

Added

Changed

Deprecated

Removed

Fixed

Closed issues

  • Invalid State error 100% of the time #597
  • Update docs #591
  • Correct dimensions for custom login icon #586
  • Basic settings edit box doesn't show values from AUTH0_ENV_* constants #569
  • Better documentation of User Migration endpoints with manual setup #542
  • Keep getting logged out once SSO is turned on #541

3.8.1 (2018-11-14)

Full Changelog

Closed issues

  • Javascript: Use readonly instead of disabled on email field #587

Changed

Fixed

3.8.0 (2018-11-06)

Full Changelog

Notes on this release

  • Administrators can now mark certain strategies as able to skip email verification. This is typically used for Enterprise strategies that do not provide an email verification flag. This should be used sparingly and only for connections that do not provide this flag.
  • Password changes for WordPress users now work properly and are rejected clearly if Auth0 rejects the change (typically because the password does not conform to the password policy). A current API token is not required but your Application does need to allow for a Client Credentials grant with the Management API (this configured for you by default, more information here).
  • The wp-login.php page is no longer used for any callback processing. If you are using this page to process callbacks in a custom plugin or theme, please update to use the main callback URL for the implicit flow /index.php?auth0=implicit. In addition, users that are already logged in will be redirected to the default login page when accessing wp-login.php.
  • Error logging has been improved in general, along with improvements to the error log display. Consecutive, duplicate errors are now combined, the error log now shows more entries, and entries can be cleared from the admin.
  • The "Auto-Login" setting has been renamed to "Universal Login Page" and moved from the Advanced tab to the Features tab. The functionality is the same as before and will retain the existing setting.

Issues and PRs

Closed issues

  • Plugin tries to create a user if they log in a different way #539
  • Problems with implicit login in > 3.6 #536
  • Add authorization token to header for external request #534
  • Configuring auth0 OIDC URL parameters #521
  • Single sign on shows the login username/password fields briefly before automatically signing in #508
  • Better behavior when logged-in users visits wp-login.php #414
  • Profile password update changes #375
  • auth0 forgot password doesn't change WP password #310
  • Woocommerce can't change user password #300

Added

Changed

Deprecated

Fixed

Fixed

=======

d5c5c0d... Add CHANGELOG entry for 3.7.1

3.7.1 (2018-10-08)

Full Changelog

Closed issues

  • "search_engine=v2 is not available for your tenant because it is deprecated" error #562

Fixed

  • 3.7.1 patch release to fix user search engine in rules #563 (joshcanhelp)

3.7.0 (2018-08-13)

Full Changelog

Closed issues

  • Optionally load client ID, secret and domain from environment #480
  • Allow login redirect URL to point to an in-network domain for multi-site #459

Added

Changed

Removed

Fixed

3.6.2 (2018-06-29)

Full Changelog

Closed issues

  • auth0_state cookie and Pantheon #494
  • Question: Way to visit directly to # tab? #489
  • Custom Fields #487
  • TypeError: jQuery(...).tab is not a function #484
  • Error - auth0 cannot find node with id "auth0-login-form" #483

Added

Fixed

3.6.1 (2018-06-07)

Full Changelog

Closed issues

  • No versions in Wordpress plugin repo #478
  • Javascript error loading Customize #476

Fixed

3.6.0 (2018-06-05)

Full Changelog

NOTES

  • Passwordless was reconfigured completely to use the combined Lock library (currently hard-coded to 11.5). All current settings will be migrated to the new configuration so your login process should not change. Lock initiation has also been refactored to improve maintainability and adhere to WordPress standards.
  • The Setup Wizard has been adjusted to more clearly explain the process and options available. This only affects new installations using the Setup Wizard for configuration.
  • The settings page has been rearranged and improved overall. New settings descriptions have also been added along with links to documentation, where appropriate.
  • State validation was added to both login flows; nonce validation was added to sites using Implicit flow.
  • OIDC compliant Applications should now function as expected (though this setting is not yet activated by default on installation). OpenID Connect login is now possible by turning off the Client Credentials grant for your WordPress Application.
  • Dashboard widgets have been removed. This can easily be added back as a plugin, if needed. Please contact support if you need assistance with this.
  • A number of new hooks have been added, please see our docs page on extension for a complete inventory with examples. This includes the ability to support refresh tokens.
  • Federated logout has been removed.

Closed issues

  • Expose a configurable toggle that allows Users to state if federated logout should be used #471
  • Updating to 3.5.2 - Fatal error: Uncaught Error: Cannot use object of type stdClass as array in /app/wp-content/plugins/auth0/lib/WP_Auth0_DBManager.php on line 225 #464
  • Autoloader performance issue #461
  • Bad request does not raise error #432
  • Widget URL changes don't save when you are using passwordless #430
  • Deprecate oauth/ro endpoint #410
  • Handling errors #403
  • Fallback /api/v2/users/{id} to /userinfo #401
  • CORS errors #400
  • Provide Resend verification email only for DB connections #345
  • SSO disabled, Single Logout enabled causes users to get logged out automatically a few seconds after logging in #336
  • French translation : html characters #309
  • "Invalid authorization code": Access token is requested twice in a row, breaking the login flow #305
  • Make state work after SSO login #302
  • Is there a way to use Refresh Tokens and Wordpress? #296
  • Only decode the payload before user profile fetch in login manager #283
  • redirect callback errors #280
  • Linked Users won't be able to login using implicit flow and pipeline 2 #272
  • Normalize use of shortcode and widget #260
  • Wrong z-index on modal error message in manual setup #252
  • Logout does not work when Wordpress is locked down (private site) #39

Added

Changed

Deprecated

Removed

Fixed

3.5.2 (2018-02-22)

Full Changelog

Closed issues

  • [Security] [URGENT] XSS injection error page #381
  • Non-static method WP_Auth0_Api_Client::convertCertToPem() should not be called statically #380
  • Notices in /lib/admin/WP_Auth0_Admin_Advanced.php #374
  • SSO login failing when not using implicit flow #363
  • "Override WordPress avatars" option doesn't appear to work with comments #355
  • Change log is missing from readme.txt, the separate changelog file is not updated #346
  • Uninstall doesn't remove all Auth0 database plugin entries #322
  • Unable to save migration IPs whitelist #320
  • 3.2.16 throws errors if Error Log is empty #285
  • Login plugin form name incorrect #269

Changed

Fixed

3.5.1 (2018-01-26)

Full Changelog

Please see note from 3.5.0 below if upgrading from 3.4.0 or earlier

Fixed

3.5.0 (2018-01-25)

Full Changelog

Please note: This is a major update that requires changes to your Auth0 Dashboard to be completed. You can save a new API token in your Basic settings in wp-admin before upgrading and the changes will be made automatically during the update. Otherwise, after upgrading, please review your Application Advanced Settings, specifically your Grant Types, and authorize your Client for the Management API.

Changed

Fixed

3.4.0 (2018-01-08)

Full Changelog

Added

Fixed

  • Switching wizard admin user creation to use /dbconnections/# #356 (joshcanhelp)

3.3.2 (2017-10-05)

Full Changelog

Added

  • Added translation support for a few user-facing exception messages #312 (idpaterson)

Changed

  • Use literal 'wp-auth0' rather than WPA0_LANG constant #311 (idpaterson)

Fixed

  • Properly handle auto login configuration + custom parse url hash in login page (glena)
  • Implicit mode in auto login (glena)

Notes There is a jump in version due to a release issue which required bumping the version a few times.

3.2.24 (2017-08-14)

Full Changelog

Changed

Removed

  • Remove client_id/secret validation since it is not allowed anymore #334 (glena)

3.2.23 (2017-07-18)

Full Changelog

Changed

3.2.22 (2017-06-26)

Full Changelog

Fixed

  • Fixed migration for older plugins that use base64 secret #324 (cocojoe)

3.2.21 (2017-06-14)

Full Changelog

Added

  • Improve redirect_login error logging, JWT leeway #317 (cocojoe)

Changed

  • Expand internal login error with hint to disable base 64 encoding #318 (cocojoe)
  • Disable base64_encoded by default #313 (thameera)

3.2.5 (2016-09-07)

Full Changelog

Closed issues:

  • Profile data not returned in get_auth0userinfo() #236
  • Login Only Not Allowed #234
  • Dashboard widget, Uninitialized string offset #232
  • allow toggle to override users avatars #231
  • Lock in register page does not show custom fields #229
  • Wordpress user creation with duplicate emails #219
  • Setup Wizard errors out halfway #218
  • Add compatibility class that can be used to improve integration with 3rd-party plugins #208
  • Bug - Twitter authentication fails when user's Twitter name has non-ASCII characters #207
  • Callback URL's not working #203
  • Support Lock10 with custom fields #195
  • Broken (or confusing?) flow in creating passwordless auth #194
  • Add support button pointing to support.auth0.com #178
  • Disable social logins #153

Merged pull requests:

  • 3.2.5 - Lock 10 custom fields + added avatars + bugfixes #237 (glena)
  • fix migration #228 (glena)
  • fix #227 (glena)
  • Fix federated clientid #226 (glena)
  • changed the federated client metadata url to be relative to th ehome … #225 (glena)

3.2.0 (2016-08-16)

Full Changelog

Merged pull requests:

3.1.4 (2016-07-01)

Full Changelog

Closed issues:

  • Lock blank after # #216

Merged pull requests:

3.1.3 (2016-06-15)

Full Changelog

Merged pull requests:

  • Add auth0_before_login hook and exception type #215 (schamp)
  • Fix some minor spelling issues in README.md #205 (thameera)

3.1.2 (2016-06-13)

Full Changelog

Merged pull requests:

  • refactor error handling, fix rules creation with site name, fix SLO #214 (glena)

3.1.1 (2016-06-06)

Full Changelog

Merged pull requests:

2.2.0 (2016-05-11)

Full Changelog

Closed issues:

  • Connection doesn't require username #202

Merged pull requests:

2.1.11 (2016-04-27)

Full Changelog

Closed issues:

  • auth0 account creation #192

Merged pull requests:

2.1.9 (2016-04-07)

Full Changelog

Closed issues:

  • Windows Live logo #190
  • Change name of plugin #187
  • Set up process online / offline #156

Merged pull requests:

2.1.8 (2016-04-05)

Full Changelog

Closed issues:

  • CTA for account creation #183

Merged pull requests:

2.1.7 (2016-04-05)

Full Changelog

Closed issues:

  • change error message #186
  • Make WP plugin installation entirely & fully automatic #184
  • Maybe trim CSS on feedback #182
  • tracking for "powered by..." image #180
  • import-export settings #175
  • help #170
  • Add a help tab #168

Merged pull requests:

2.1.6 (2016-03-23)

Full Changelog

2.1.5 (2016-03-23)

Full Changelog

Closed issues:

  • login box #177
  • css login issue #176
  • user export #174
  • auth0 logo on the quick start guide #173
  • online setup popup #172
  • quick start guide screen 1 #171
  • Quick Start Guide #169
  • settings / features / fullcontact #167
  • settings / features / MFA #166
  • settings / features / sso #165
  • Settings / Features / Password policy #164
  • setting text #163
  • title link #162
  • Auth0 settings / basic #161
  • Auth0 settings / Basic #160
  • Auth0 settings page / Basic #159
  • deleting plugin doesn't delete all data #158
  • setup text #157
  • Plugin description text #155
  • New plugin breaks due to callback URL mismatch? #146

2.1.4 (2016-03-18)

Full Changelog

Merged pull requests:

2.1.3 (2016-03-16)

Full Changelog

Closed issues:

  • MFA reset #149
  • Site login broken after updating the plugin to version 2 #143
  • Add a way to customize error pages like templates/verify-email.php #103
  • Docs changes #94

Merged pull requests:

2.1.2 (2016-03-15)

Full Changelog

2.1.1 (2016-03-11)

Full Changelog

2.1.0 (2016-03-08)

Full Changelog

Closed issues:

  • sso is loosing redirect\_to #150
  • Google Authenticator integration problems #148
  • Zipcode-Income throws an error #147
  • Errors in configuring plugin, with no clear path to fixing them... #145
  • Typo #144
  • Register #142
  • Change password #141
  • word order for App token required scopes very confusing #140
  • Bad Link - Enterprise - Google Apps #136
  • SSO state and lock exception. #109

Merged pull requests:

2.0.0 (2016-03-01)

Full Changelog

Closed issues:

  • check redirections in shortcode and widget #139
  • Social connections #135
  • Bad Link - Appearance Tab - Remember Last Login #134
  • Bad link - Appearance Tab - Username #133
  • Bad Link - Appearance Tab - Custom JS #132
  • Bad Link - Appearance Tab #131
  • Bad link - Features Tab #130
  • Dashboard Typo #129
  • Implicit Flow Bug #128
  • Users Export #127
  • Advanced Tab - Extra Settings #126
  • Advanced Tab - IP Ranges #125
  • Advanced Tab - Valid Proxy IP #124
  • Advanced Tab - Login Redirection URL #123
  • Advanced Tab - Auth0 implicit flow #122
  • Advanced Tab - User Migration #121
  • Advanced Tab - Social #120
  • Advanced Tab - Link users with same email #119
  • Advanced Tab - Remember Users Session: #118
  • No Token in Settings #117
  • No Buttons to Activate Social Login when Installing #116
  • Troubleshoting #115
  • Wordpress Auth0 plugin + 3rd party app (Thinkific) #114
  • License file needs an update to current version #111
  • Redirect to default domain also from aditional domain for different language #110
  • How do I pass the JWT to firebase from wp-auth0 #108
  • Plugin should check the WP Database when user isnt found in Auth0 Database #107
  • Not redirecting to admin path after SSO login #106
  • Install_db being called all the time... #104
  • Review design for setup pages #102
  • Refresh of settings page changes view - always opens "Features" #101
  • Add redirect param to auth0 shortcode config #92
  • Show widget in # mode #91
  • Consent flow TODOs #88
  • enhance the could not create user error #12

Merged pull requests:

1.3.6 (2015-10-01)

Full Changelog

Implemented enhancements:

  • Upgrade to API V2 #60

Closed issues:

  • Custom Registration Fields #100
  • Quick setup informational banner confusing #99
  • "This user does not have enough scopes..." error is confusing. #98
  • Remove the "create an application" informational error after setup complete. #97
  • Update wording for quickstart #96
  • Change name of plugin in WP dashboard to "Auth0 for WordPress" #95
  • Doesn't Seem that Lock Config Accepts "dict" parameter #93
  • Update user data on edit profile #90
  • # enabled issue with multisite #89
  • Add option to migrate users with custom data #85
  • upcoming #84
  • Auto redirect on preview post pages #83
  • Wordpress tries to auto login even when "Auto Login (no widget)" is unchecked #80
  • Support Storing Stripe id in Auth0 #77
  • Allow loading / saving Shipping Addresses used by WooCommerce in Auth0 Profile #76
  • add_menu_page/admin_menu conflicts with other plugins. #37
  • Session_start warnings #31

Merged pull requests:

  • fix #82 (glena)
  • Added access token to the login action + Merged PR #79 #81 (glena)

1.3.1 (2015-06-10)

Full Changelog

Closed issues:

  • Mixed content warning #75

Merged pull requests:

  • Fixed Mixed content warning #75 & added login action for issue #76 #77 #78 (glena)

1.3.0 (2015-06-01)

Full Changelog

Implemented enhancements:

  • Support for SSO #64

Merged pull requests:

1.2.7 (2015-05-28)

Full Changelog

Closed issues:

  • Add custom js to add custom buttons #73
  • Hardwired redirect url after login #71
  • State shouldn't be required #66
  • Enable new users creation on JWT authentication #57

Merged pull requests:

  • fix implicit wf in subdirectories, added custom JS #72 (glena)
  • New jwt auth integration + auto user creation with JWT #70 (glena)
  • Fix array notation #69 (glena)

1.2.4 (2015-05-21)

Full Changelog

Merged pull requests:

  • Fix error when the state param is not present #67 (glena)

1.2.3 (2015-05-19)

Full Changelog

Merged pull requests:

  • Fix issue with email verified requirement #65 (glena)

1.2.2 (2015-05-19)

Full Changelog

Implemented enhancements:

  • Auto Login (no widget) Does not work with WooCommerce My Account Login #45

Merged pull requests:

  • Added support for WooCommerce + updated info headers #63 (glena)

1.2.1 (2015-05-14)

Implemented enhancements:

  • Auth0 users with different accounts but same username will not be able to log into the site #52
  • Error: Could not create user. The registration process is not available. #48
  • Enhancement: Allow WordPress plugin to work in enterprise environment without internet access #42
  • Support redirecting to arbitrary URLs after login is succesful #29
  • Add link to create Auth0 Account #28
  • Validate settings before saving #24
  • Show WP Auth0 Logs somewhere so that we can easily diagnose problems #22
  • Add option to enter custom CSS #21
  • Make Widget options accessable by the Plugin #15
  • Make the widget showable as Shortcode and Widget #14

Fixed bugs:

  • No widget shown in latest release #20

Closed issues:

  • SDK Client headers spec compliant #61
  • Make usernames unique if it is already in use #58
  • Check text on "allow #" option in plugin settings #54
  • Why is Client Secret Needed #53
  • Client Secret Field in Settings should not be remembered by browser #44
  • Demo is down #43
  • wp-login?wle does not work when "Auto Login (no widget)" is enabled #38
  • Add fallback URL to log in with WP credentials even after disabling WP login #35
  • Wordpress login no longer works when the "Auto Login (no widget)" option is set. #34
  • Shortcode attributes are being ignored #33
  • Update to Lock #19
  • errors not being shown when something fails #18
  • add nice error message when exchange of token returns 401 #11
  • Don't show widget when registrations are not allowed. #5
  • Auto-create users option #4
  • plugin packaging and publish #3
  • after session times out the login widget is shown inside the iframe and after login the site is embedded in the iframe #2
  • lost your password #1

Merged pull requests:

  • Updated info headers #62 (glena)
  • Auth WP V1.2 #55 (glena)
  • Security vulnerability fix on login #51 (glena)
  • Add fallback URL to log in with WP credentials even after disabling WP login #35 #36 (glena)
  • Issues #24, #28 & #29 #30 (glena)
  • Add option to enter custom CSS #21 #27 (glena)
  • Issues ready to merge #26 (glena)
  • New popup widget & some small changes #23 (glena)
  • A0 widget #16 (glena)
  • New feature: Add a new config to allow people to access with the standar... #13 (glena)
  • Fix wp submision problems #10 (hrajchert)
  • Added screenshots #9 (hrajchert)
  • Many improvements #8 (hrajchert)

* This Change Log was automatically generated by github_changelog_generator