Considering a case, if you are logged in to your other site/app (either WordPress, non-WordPress sites or mobile app) and then if you access the WordPress site page from there , or open the WordPress site in a separate tab in the same browser, you want to improve the user experience by not asking them for login again in the WordPress site and ideally should get logged in automatically and everything should be smooth.

miniOrange provides you with multiple options to achieve this auto-login to provide your users with the best possible experience by asking them to authenticate in just one platform and access other platforms based on their first-time authentication response.

Below are the scenarios in which your use case can fall -

1. Auto-login in WordPress if you are logged in already to your third-party OAuth/OpenID Connect provider app.

Suppose, if you have your users stored in third-party OAuth/OpenID connect platforms like Microsoft Azure, Okta, Keycloak, Google, Facebook, etc and if they are already logged in to the respective platforms and access your WordPress site, then they should be able to get logged in automatically and their session can be synchronized. So, this can be achieved using our WordPress OAuth & OpenId Connect Client Single Sign-On (SSO) plugin, in which you can create an application for your third-party providers and then use the Force Login Feature if the user session exists on a third-party OAuth/OIDC provider in the browser then on accessing the WordPress site page, the user session will be synchronized and the seamless login will happen.

2. Auto-login in WordPress if other sites share the same subdomain (Seamless Login with No redirection) - JWT Cookie Based Technique

Suppose, if you have multiple WordPress sites sharing the same subdomain or a single WordPress site sharing the same subdomain with other Non-WordPress sites. So, if a user is logged in to any of the multiple sites first, then using our JWT Cookie-based solution, the JWT token can be created for that user and can be set under the domain cookie. Now, the encrypted cookie can be used to fetch the JWT token on sites of access to other sites, then user information cab retrieved from the JWT after successfully validating it, and the user can be logged in there. This approach provides a seamless user experience without needing to redirect to the authentication provider. The use case be achieved using our WP Login and Register using JWT.

3. Auto-login in WordPress if other site does not share the same subdomain (Session Sync from Mobile app to WordPress) - JWT based redirection Technique

Suppose, if you have a WordPress site and mobile app or a WordPress site with other sites not sharing the same subdomain, then JWT based redirection approach can be used in which if the user login into another site or mobile app then, the JWT token can be created for that user and can be stored temporarily. Once the user clicks on the WordPress site page, the JWT token created earlier can be passed as the query parameter in the redirect request, our solution will then fetch the JWT token from the query parameter and validate that, on successful validation, the user will be logged in automatically.

  Recommended Plugins

 Download the below miniOrange SSO plugin for Auto-login in WordPress .

Additional Resources

• WordPress Login & Register using JWT
• Single Sign-On (SSO) into your WordPress sites

Mail us on oauthsupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.