Authentication - TenthPres/TouchPoint-WP GitHub Wiki
TouchPoint-WP allows your users to sign in to WordPress with their TouchPoint credentials.
This is done by redirecting users to a TouchPoint script with a unique key. They'll be prompted to sign in to TouchPoint if they aren't signed in yet. Once signed in, the script exchanges keys with WordPress and redirects the user back to WordPress, where their session is authenticated. This is similar to how OAuth works.
To use this feature, check the box for "Enable Authentication" in the TouchPoint-WP Settings.
Once enabled, you will see a new settings tab for Authentication with additional options:
- Make TouchPoint the default authentication method. If you check this box, your users (including the WordPress admin) will no longer see the WordPress login screen, and instead will automatically be taken to the TouchPoint login flow and returned to WordPress, logged in if possible. If you find that you have lost access as an admin, add the tp_no_redirect URL parameter to the login page to access the regular WordPress login. In most WordPress installs, this means going to /wp-login.php?tp_no_redirect
- Enable Auto-Provisioning. When enabled, if a user logs in through TouchPoint but doesn't have a user profile in WordPress, a new profile will be created. New users are created with the "Subscriber" role. Read more about roles here. If disabled, when a new user logs in, they will receive error 177007. Enabling this is strongly recommended to prevent users from seeing the error.
- Change 'Edit Profile' links. When enabled, the links users see to edit their own profile within WordPress will be replaced with links to access (and potentially edit) their Person record in TouchPoint. Enabling this is very strongly recommended to prevent users from inadvertently disassociating their TouchPoint and WordPress accounts.
- Enable full logout. When enabled, users who click the Logout button in WordPress will also be logged out of TouchPoint. To make this transition smooth, it is strongly recommended to add the Login Shell script below to your login shell in TouchPoint.
- Prevent Subscriber Admin Bar. With this option enabled, users who only have the Subscriber role (regardless of whether they were authenticated/created through TouchPoint) will not see the Admin bar typical for users who are logged into WordPress on public-facing pages.
Transitions between TouchPoint and WordPress for logged-in users can be a little bumpy in some particular circumstances.
To smooth these transitions, we recommend adding the script below to the shell you use for your TouchPoint login page.
This helps make sure redirects happen as expected, even when the user is logged out of one platform or the other.
In the example below, replace church.org with your church's WordPress domain.
```html
<script defer src="https://church.org/touchpoint-api/auth/login.jsr"></script>
```
tp_no_redirect
If added to the URL for the WordPress login, the user will not be redirected to the TouchPoint login
page regardless of whether TouchPoint is set as the default login mechanism.
tp_auto_redirect_login
If the option to use TouchPoint as the default login mechanism is enabled, this filter
lets you control more specifically when the redirect happens. This feature is disabled by default;
once enabled, the plugin redirects all login requests to TouchPoint by default.
tp_prevent_admin_bar
If the option to Prevent Subscriber Admin Bar is enabled, this filter lets you control more specifically
whether to show the admin bar. By default, if this option is enabled, the admin bar will be hidden for any user with
the 'subscriber' role.
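
The two filters above, used from a small site plugin. This is an added example, not code from TouchPoint-WP; it assumes each filter passes a boolean and honors the boolean that is returned, and the IP address and capability name are constructed placeholders.

```php
<?php
/**
 * Plugin Name: Site login policy for TouchPoint-WP (added example)
 *
 * ASSUMPTION: both filters pass a boolean and use the returned boolean
 * (true = redirect to TouchPoint / hide the admin bar). Check the plugin
 * source for the exact arguments before relying on this.
 */

// Constructed sample value from the documentation address range; use your own.
const EXAMPLE_NATIVE_LOGIN_IPS = ['203.0.113.10'];

// Hypothetical capability name, not defined by WordPress or TouchPoint-WP.
const EXAMPLE_TOOLBAR_CAP = 'example_keep_toolbar';

// Requests from the listed management addresses keep the regular WordPress
// login form; every other login request follows the plugin's default.
add_filter('tp_auto_redirect_login', function ($redirect) {
    // Behind a reverse proxy, REMOTE_ADDR is the proxy's address. Resolve the
    // client address from a header set by your own proxy before comparing.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if (in_array($ip, EXAMPLE_NATIVE_LOGIN_IPS, true)) {
        return false; // show the regular WordPress login form
    }
    return $redirect; // leave the plugin's decision unchanged
});

// Subscribers who were granted the capability above keep the admin bar;
// all other subscribers follow the plugin's default (hidden).
add_filter('tp_prevent_admin_bar', function ($prevent) {
    if (current_user_can(EXAMPLE_TOOLBAR_CAP)) {
        return false; // do not hide the admin bar for this user
    }
    return $prevent;
});
```

The tp_no_redirect URL parameter still reaches the regular WordPress login from any address, so the first callback changes the default experience and is not an access restriction.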