Update fork #1

Merged
merged 5 commits into from
Jun 12, 2014
17 changes: 17 additions & 0 deletions README.md
@@ -1,8 +1,25 @@
Wordpress Plugin for Auth0
====

Single Sign On for Enterprises + Social Login + User/Passwords. For all your WorpdPress instances. Powered by Auth0.

Demo: <http://auth0-wp.azurewebsites.net>

[Wordpress Readme](https://github.com/auth0/wp-auth0/blob/master/readme.txt)

## Screenshots

![](https://raw.githubusercontent.com/auth0/wp-auth0/master/screenshot-1.png)

![](https://raw.githubusercontent.com/auth0/wp-auth0/master/screenshot-2.png)

![](https://raw.githubusercontent.com/auth0/wp-auth0/master/screenshot-3.png)

![](https://raw.githubusercontent.com/auth0/wp-auth0/master/screenshot-4.png)

![](https://raw.githubusercontent.com/auth0/wp-auth0/master/screenshot-5.png)

![](https://raw.githubusercontent.com/auth0/wp-auth0/master/screenshot-6.png)

Contributed by
=====
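
Review bot: The tagline added under the title misspells the product name ("For all your WorpdPress instances"), and the heading above it spells it "Wordpress"; use "WordPress" in both places. The six screenshot images are added with empty alt text (`![](...)`); give each a short description matching the captions in the Screenshots list of readme.txt. The demo link is plain `http://`; for a login plugin demo, link the HTTPS URL if the site serves one.
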
79 changes: 55 additions & 24 deletions readme.txt
@@ -1,62 +1,93 @@
=== Wordpress Auth0 Integration ===
Tags: Login, oauth, authentication, facebook, google
Tags: login, oauth, authentication, single sign on, ldap, active directory, saml, windows azure ad, google apps, two factor, two-factor, facebook, google, twitter, baidu, renren, linkedin, github, paypal, yahoo, amazon, vkontakte, salesforce, box, dwolla, yammer
Tested up to: 3.9
Requires at least: 3.8
License: MIT
License URI: https://github.com/auth0/wp-auth0/blob/master/LICENSE.md
Stable tag: trunk
Contributors: 1337 ApS, hrajchert
Contributors: hrajchert, rrauch

Provides Single Sing On to your wordpress site. You can use different auth providers as facebook, google, twitter, active directory, etc
Single Sign On for Enterprises + Social Login + User/Passwords. For all your WorpdPress instances. Powered by Auth0.

== Description ==
This plugins allows you to extend the default user implementation and use the service provided by www.auth0.com

You can make your users to login with facebook, google, linkedin, etc by a click of a button
This plugin gives WordPress a new Login Widget (powered by [Auth0](https://auth0.com)) that enables:

* Single Sign On with **Enterprise Directories** (LDAP, AD, Google Apps, Office365 and SAML Provider)
* Shared **User/Password between multiple Wordpresses** for Single Sign On
* Single Sign On with **+30 Social Providers** (https://docs.auth0.com/identityproviders)
* **User Management** Dashboard
* Optional **Two Factor Authentication**
* Single Sign On between Wordpress and other Applications
* **Reporting and Analytics**

... and **we use multi hash iterations algorithm to store users passwords (bcrypt)**, meaning that you won't have issues with hackers trying to get into your web site.

== Installation ==

Before you start, make sure the admin user has a valid email that you own, read the Technical Notes for more information.
Before you start, **make sure the admin user has a valid email that you own**, read the Technical Notes for more information.

1. Install from the wordpress store or upload the entire `wp-auth0` folder to the `/wp-content/plugins/` directory.
1. Install from the WordPress Store or upload the entire `wp-auth0` folder to the `/wp-content/plugins/` directory.
1. Activate the plugin through the 'Plugins' menu in WordPress.
1. In `settings` - `Auth0 Settings` edit the *Domain*, *Client ID* and *Client Secret* from your auth0 dashboard
1. Go to your auth0 dashboard, edit your application and add this to the available callbacks http://<your-domain>/index.php?auth0=1
1. Create an account in Auth0 (https://auth0.com) and add a new PHP Application. Copy the Client ID, Client Secret and Domain from the Settings of the Application.
1. On the Settings of the Auth0 application change the Callback URL to be: `http://your-domain/index.php?auth0=1`. Using **TLS/SSL** is **recommended for production**.
1. Go back to Wordpress `Settings` - `Auth0 Settings` edit the *Domain*, *Client ID* and *Client Secret* with the ones you copied from Auth0 Dashboard.

== Screenshots ==

1. The new login page
1. The new login page on Wordpress
2. The admin to configure the plugin
3. Auth0 admin to create a new Application
4. You can enable or disable social plugins
3. Auth0 dashboard to create a new Application
4. Enable or disable social plugins from the Auth0 dashboard
5. This is what happens if you are in the admin and your session expires
6. You can configure enterprise connections
6. Configure enterprise Connections

== Technical Notes ==

By using this plugin you are delegating the site authentication to Auth0, if a user is valid for Auth0 it will be valid for your site.

When you install this plugin you have at least one existing user in the database, the admin user, and if the site ain't new, you probably have more. We want you to conserve those users! you want to be able to login as admin again, right ;)?
**IMPORTANT**: By using this plugin you are delegating the site authentication to Auth0. That means that you won't be using the WordPress database to authenticate users anymore and the default WP login box won't show anymore. However, we can still associate your existing users by merging them by email. This section explains how.

Auth0 allows you to have different ways to authenticate, you can have social providers like facebook, twitter, google+, etc or you can have database users (just like wordpress!). All those providers MAY have an email and that email can be verified or not. We use that email (only if its verified) to join a previous existing user with the one from Auth0.
When you install this plugin you have at least one existing user in the database (the admin user). If the site is already being used, you probably have more than just the admin. We want you to keep those users, of course.

There are two main scenarios that you need to keep in mind:
* The user logs in via database
* The user logs in via a social provider
= Migrating Existing Users =

For now, if you add a database connection, you will start with no users (we plan to add an import feature later). But you still can claim your old user. To do so, you will need to signup using the login widget and then validate your account by clicking on the verification link in the email you'll receive. For database connections, if there was a previous user with that email you will require to verificate the address.
Auth0 allows multiple authentication providers. You can have social providers like Facebook, Twitter, Google+, etc., you can have a database of users/passwords (just like WordPress but hosted in Auth0) or you can use an Enterprise directory like Active Directory, LDAP, Office365, SAML and others. All those authentication providers might give you an email and a flag indicating whether the email was verified or not. We use that email (only if its verified) to associate a previous **existing** user with the one coming from Auth0.

If the user logs in via a social provider, it may have a verified email. If it does, and its the first time the user logs in using that social provider, the plugin will asociate that social account with the previous existing user (that has the same email)
If the email was not verified and there is an account with that email in WordPress, the user will be presented with a page saying that the email was not verified and a link to "Re-send the verification email".

For both scenarios you may configure in the admin to require that the user has a verified email or not.
For both scenarios you may configure in the WP admin whether is mandatory that the user has a verified email or not.

In any case, you may end up with a situation where a user has two accounts. Remember that wordpress allows you to do something similar to a user merge. To do so, you need to delete an account and attribute its contents to the user you want to merge with. You can go to Users, select the account you want to delete, and in the confirmation dialog you can select another user to attribute content.
= Accesing Profile Information =

Wordpress defines a function called `get_currentuserinfo` to populate the global variable `current_user` with the logged in WP_User. Similary we define `get_currentauth0userinfo` that populates `current_user` and `currentauth0_user` with the information of the [Normalized profile](https://docs.auth0.com/user-profile)

== Frequently Asked Questions ==

= What should I do if I end up with two accounts for the same user? =

In any case, you may end up with a situation where a user has two accounts. Remember that wordpress allows you to do something similar to a user merge. To do so, you need to delete an account and attribute its contents to the user you want to merge with. You can go to Users, select the account you want to delete, and in the confirmation dialog you can select another user to transfer the content.

= Can I customize the Login Widget? =

You can style the login form by adding a filter like this

add_filter( 'auth0_login_css', function() {
return "form a.a0-btn-small { background-color: red }";
} );

The Login Widget is Open Source. For more information about it: https://github.com/auth0/widget

= Can I access the user profile information? =

Wordpress defines a function called `get_currentuserinfo` to populate the global variable `current_user` with the logged in WP_User. Similary we define `get_currentauth0userinfo` that populates `current_user` and `currentauth0_user` with the information of the user. Auth0 normalizes the profile between all providers and will provide any extra attributes. [Read more here](https://docs.auth0.com/user-profile)

= When I install this plugin, will existing users still be able to login? =

Yes. Read more about the requirements for that to happen in the Technical Notes.

= What authentication providers do you support? =

For a complete list look at https://docs.auth0.com/identityproviders

= "This account does not have an email associated..." =

If you get this error, make sure you have checked the Email attribute in the Auth0 Dashboard under Connections -> Social (expand each provider). Some will provide it by default, others like Facebook or Windows Live not. Twitter for instance, won't provide an email. You might decide
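
Review bot: In the Description, the line "... and **we use multi hash iterations algorithm to store users passwords (bcrypt)**, meaning that you won't have issues with hackers trying to get into your web site" overstates what bcrypt provides: it slows offline guessing of stolen password hashes and does not keep attackers out of a site, so say only that passwords are stored hashed with bcrypt and drop the guarantee. In Installation, the Callback URL example is `http://your-domain/index.php?auth0=1` with TLS only "recommended for production"; since the authentication response is delivered to this URL, show the `https://` form as the example. In Technical Notes, "only if its verified" and the later sentence that the admin can configure "whether is mandatory that the user has a verified email or not" leave it unclear whether an unverified email can ever be associated with an existing WordPress account; state explicitly what that setting controls and what happens to the merge when it is turned off. Smaller fixes: "WorpdPress", "Accesing", "Similary" and "its verified" are typos; the "Accesing Profile Information" subsection duplicates the FAQ entry "Can I access the user profile information?"; and the FAQ answer about duplicate accounts still opens with "In any case", left over from its old position.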