PHPackages axepress/wp-graphql-headless-login - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. axepress/wp-graphql-headless-login ActiveWordpress-plugin[Authentication & Authorization](/categories/authentication) axepress/wp-graphql-headless-login ================================== A WordPress plugin that provides headless login and authentication for WPGraphQL 0.4.4(8mo ago)10512.9k↓41.7%19[3 PRs](https://github.com/AxeWP/wp-graphql-headless-login/pulls)GPL-3.0-or-laterPHPPHP >=7.4CI passing Since Nov 26Pushed 1mo ago1 watchersCompare [ Source](https://github.com/AxeWP/wp-graphql-headless-login)[ Packagist](https://packagist.org/packages/axepress/wp-graphql-headless-login)[ RSS](/packages/axepress-wp-graphql-headless-login/feed)WikiDiscussions develop Synced 1mo ago READMEChangelog (10)Dependencies (29)Versions (32)Used By (0) [![Headless Login for WPGraphQL Logo](./assets/header.png)](./assets/header.png) Headless Login for WPGraphQL ============================ [](#headless-login-for-wpgraphql) A WordPress plugin that provides headless login and authentication for [WPGraphQL](https://wpgraphql.com), supporting traditional passwords, OAuth2/OpenID Connect, JWT, and more. - [Join the WPGraphQL community on Discord.](https://discord.gg/55h7WmYZff) - [Documentation](#usage) --- [![Packagist License](https://camo.githubusercontent.com/c72f620219a925bdde4a02bd8ae4379e86c3ff760b17e7b22f386f2445b18399/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f61786570726573732f77702d6772617068716c2d686561646c6573732d6c6f67696e3f636f6c6f723d677265656e)](https://camo.githubusercontent.com/c72f620219a925bdde4a02bd8ae4379e86c3ff760b17e7b22f386f2445b18399/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f61786570726573732f77702d6772617068716c2d686561646c6573732d6c6f67696e3f636f6c6f723d677265656e) [![Packagist Version](https://camo.githubusercontent.com/ee37a392e0dc9f218ee71eecb1621505de69925256e40e2fb618dd27fe089e28/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f61786570726573732f77702d6772617068716c2d686561646c6573732d6c6f67696e3f6c6162656c3d737461626c65)](https://camo.githubusercontent.com/ee37a392e0dc9f218ee71eecb1621505de69925256e40e2fb618dd27fe089e28/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f61786570726573732f77702d6772617068716c2d686561646c6573732d6c6f67696e3f6c6162656c3d737461626c65) [![GitHub commits since latest release (by SemVer)](https://camo.githubusercontent.com/3f06540e88dc562bbf6c35f280bd1deafaa7c6fec513c46944aa8df12e61a014/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f636f6d6d6974732d73696e63652f41786557502f77702d6772617068716c2d686561646c6573732d6c6f67696e2f302e342e34)](https://camo.githubusercontent.com/3f06540e88dc562bbf6c35f280bd1deafaa7c6fec513c46944aa8df12e61a014/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f636f6d6d6974732d73696e63652f41786557502f77702d6772617068716c2d686561646c6573732d6c6f67696e2f302e342e34) [![GitHub forks](https://camo.githubusercontent.com/7b3a66db498ab33691271d3b288e78b41ee636533bfe3da171bf02fe1b547a86/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f41786557502f77702d6772617068716c2d686561646c6573732d6c6f67696e3f7374796c653d736f6369616c)](https://camo.githubusercontent.com/7b3a66db498ab33691271d3b288e78b41ee636533bfe3da171bf02fe1b547a86/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f666f726b732f41786557502f77702d6772617068716c2d686561646c6573732d6c6f67696e3f7374796c653d736f6369616c) [![GitHub Repo stars](https://camo.githubusercontent.com/371d099ce33157d63da63de9992dd62707319204530b404b529d9113ec3177d0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f41786557502f77702d6772617068716c2d686561646c6573732d6c6f67696e3f7374796c653d736f6369616c)](https://camo.githubusercontent.com/371d099ce33157d63da63de9992dd62707319204530b404b529d9113ec3177d0/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f41786557502f77702d6772617068716c2d686561646c6573732d6c6f67696e3f7374796c653d736f6369616c) [![CodeQuality](https://camo.githubusercontent.com/6e9de581e3100e6ec91c72c129ab9d42983363fb99fb6b39315bb3c79b3c0d8b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f61786577702f77702d6772617068716c2d686561646c6573732d6c6f67696e2f636f64652d7175616c6974792e796d6c3f6272616e63683d646576656c6f70266c6162656c3d436f64652532305175616c697479)](https://camo.githubusercontent.com/6e9de581e3100e6ec91c72c129ab9d42983363fb99fb6b39315bb3c79b3c0d8b/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f61786577702f77702d6772617068716c2d686561646c6573732d6c6f67696e2f636f64652d7175616c6974792e796d6c3f6272616e63683d646576656c6f70266c6162656c3d436f64652532305175616c697479)[![Integration](https://camo.githubusercontent.com/50ce70cee7d9142ac763f1990c31fef6302242380e91c2c9a77c998ed0f53d25/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f61786577702f77702d6772617068716c2d686561646c6573732d6c6f67696e2f696e746567726174696f6e2d74657374696e672e796d6c3f6272616e63683d646576656c6f70266c6162656c3d496e746567726174696f6e25323054657374696e67)](https://camo.githubusercontent.com/50ce70cee7d9142ac763f1990c31fef6302242380e91c2c9a77c998ed0f53d25/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f61786577702f77702d6772617068716c2d686561646c6573732d6c6f67696e2f696e746567726174696f6e2d74657374696e672e796d6c3f6272616e63683d646576656c6f70266c6162656c3d496e746567726174696f6e25323054657374696e67)[![Coding Standards](https://camo.githubusercontent.com/d3829ad80142c8b4e1340b2c28ca11f73d8a0a986971b8942667c167c6695da3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f61786577702f77702d6772617068716c2d686561646c6573732d6c6f67696e2f636f64652d7374616e646172642e796d6c3f6272616e63683d646576656c6f70266c6162656c3d576f72645072657373253230436f64696e672532305374616e6461726473)](https://camo.githubusercontent.com/d3829ad80142c8b4e1340b2c28ca11f73d8a0a986971b8942667c167c6695da3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f61786577702f77702d6772617068716c2d686561646c6573732d6c6f67696e2f636f64652d7374616e646172642e796d6c3f6272616e63683d646576656c6f70266c6162656c3d576f72645072657373253230436f64696e672532305374616e6461726473)[![Coverage Status](https://camo.githubusercontent.com/893041c8c0ba5a63cf13d5646c1e05dd80732956b4727fd2707958696d8b67bb/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f41786557502f77702d6772617068716c2d686561646c6573732d6c6f67696e2f62616467652e7376673f6272616e63683d646576656c6f70)](https://coveralls.io/github/AxeWP/wp-graphql-headless-login?branch=develop) --- Description ----------- [](#description) Headless Login for WPGraphQL is a flexible and extensible plugin that allows headless WordPress sites to login and authenticate users via [WPGraphQL](https://wpgraphql.com) using a variety of authentication methods, including traditional WordPress credentials (username/password), [OAuth 2.0](https://oauth.net/2/) / [OpenID Connect](https://openid.net/connect/), [JSON Web Tokens (JWT)](https://jwt.io/), and more. This plugin is inspired by and aims to replace [WPGraphQL JWT Authentication](https://github.com/wp-graphql/wp-graphql-jwt-authentication) as more powerful, comprehensive, and flexible authentication solution for Headless WP. System Requirements ------------------- [](#system-requirements) - PHP 7.4+ - WordPress 6.2+ - WPGraphQL 1.14.0+ Quick Install ------------- [](#quick-install) 1. Install & activate [WPGraphQL](https://www.wpgraphql.com/). 2. Download the [latest release](https://github.com/AxeWP/wp-graphql-headless-login/releases) `.zip` file, upload it to your WordPress install, and activate the plugin. 3. Enable and configure the authentication providers you want to use in GraphQL > Settings > Headless Login. ### With WP-CLI [](#with-wp-cli) ``` wp plugin install https://github.com/AxeWP/wp-graphql-headless-login/releases/latest/download/wp-graphql-headless-login.zip --activate ``` ### With Composer [](#with-composer) ``` composer require axepress/wp-graphql-headless-login ``` Updating and Versioning ----------------------- [](#updating-and-versioning) Until we hit v1.0, we're using a *modified* version of [SemVer](https://semver.org/), where: - v0.**x**: "Major" releases. These releases introduce new features, and *may* contain breaking changes to either the PHP API or the GraphQL schema - v0.x.**y**: "Minor" releases. These releases introduce new features and enhancements and address bugs. They *do not* contain breaking changes. - v0.x.y.**z**: "Patch" releases. These releases are reserved for addressing issue with the previous release only. Development and Support ----------------------- [](#development-and-support) Development of Headless Login for WPGraphQL is provided by [AxePress Development](https://axepress.dev). Community contributions are *welcome* and **encouraged**. Basic support is provided for free, both in [this repo](https://github.com/AxeWP/wp-graphql-headnessl-login/issues) and in [WPGraphQL's official Discord](https://discord.gg/55h7WmYZff). Priority support and custom development are available to [our Sponsors](https://github.com/sponsors/AxeWP). [![](https://camo.githubusercontent.com/0f9e1b45a01d19d25b515dce9b59bb9faa9a4cccc5333c7166b8ba36c1059065/68747470733a2f2f696d672e736869656c64732e696f2f7374617469632f76313f6c6162656c3d53706f6e736f7225323055732532302534302532304178655750266d6573736167653d254532253944254134266c6f676f3d47697448756226636f6c6f723d253233666538653836267374796c653d666f722d7468652d6261646765)](https://github.com/sponsors/AxeWP) Supported Features ------------------ [](#supported-features) The following functionality is currently supported: - Authenticate with a [WordPress username and password](./docs/reference/mutations.md#login-with-a-traditional-username-password). - Pass and validate [OAuth 2.0 / OpenID Connect provider response](./docs/reference/mutations.md#login-with-an-oauth2openid-authorization-response) from the frontend. Supported providers (out of the box): - Facebook - GitHub - Google - Instagram - LinkedIn - OAuth2 - Generic: Any other OAuth 2.0 provider. - SAML authentication and more coming soon! - Use a [special Site Token](./docs/reference/mutations.md#login-with-a-site-token-and-user-identity) to support WordPress authentication with any externally-authenticated user identity (e.g. [Auth.js](https://authjs.dev/)). - Add your own Authentication Provider by [extending the `ProviderConfig` class](./docs/recipes/provider-config.md). - Authenticate with JWT tokens using a HTTP Authorization header. - [Set CORS headers](./docs/reference/settings.md) to allow or restrict access to the GraphQL endpoint. - Generate short-term `authToken`s and long term `refreshToken`s for seamless re-authentication in your headless app. - [Link a user account](./docs/reference/mutations.md#manually-link-the-wordpress-user-to-a-providers-resource-owner) to an authentication provider's resource owner, to allow users to authenticate with multiple providers. - Query the [enabled `loginClient` authorization urls](./docs/reference/queries.md#querying-login-clients), to use in your frontend's login buttons. - Extensive WordPress [actions](./docs/actions.md) and [filters](./docs/reference/filters.md) for customization of the plugin's behavior. - Log out all sessions for a user by [revoking](./docs/reference/mutations.md#revoke-the-user-secret) or [refreshing](./docs/reference/mutations.md#refresh-the-user-secret) their tokens, in GraphQL or the WordPress backend Profile Page. - Manage WooCommerce Sessions with [WPGraphQL for WooCommerce](https://github.com/wp-graphql/wp-graphql-woocommerce). - and more! Usage ----- [](#usage) ### Getting Started ( 🎯 You are here! ) [](#getting-started---you-are-here-) - [System Requirements](#system-requirements) - [Installation](#quick-install) ### Core Concepts [](#core-concepts) - [Terminology](./docs/core-concepts/terminology.md) - [How it works](./docs/core-concepts/how-it-works.md) ### Reference [](#reference) - [Admin Settings](./docs/reference/settings.md) - [GraphQL Queries](./docs/reference/queries.md) - [GraphQL Mutations](./docs/reference/mutations.md) - [Javascript API](./docs/reference/javascript-api.md) - [WordPress Actions](./docs/reference/actions.md) - [WordPress Filters](./docs/reference/filters.md) ### Recipes: [](#recipes) - [Server-side Authentication flow with Next.js](./docs/recipes/server-side-auth-next-api-routes.md) ( [demo](https://github.com/AxeWP/axepress-playground/blob/demo/server-side-auth/HowTo.md) ). - [Client-side Authentication flow with NextAuth.js](./docs/recipes/client-side-auth-nextauth.md) - [Adding custom `ProviderConfig`s](./docs/recipes/provider-config.md) Testing ------- [](#testing) 1. Copy `.env.dist` to `.env` if you need to override default test behavior. 2. Run `npm install` to install Node.js dependencies. 3. Run `npm run build` to build the plugin assets. 4. Run `npm run wp-env start` to start the WordPress test environment. 5. Run your test suite with [Codeception](https://codeception.com/docs/02-GettingStarted#Running-Tests) via wp-env. **Example test commands:** ``` # Run npm run test:php -- run wpunit npm run test:php -- run tests/functional/SomeFunctionalTest.php -vvv # Stop the environment when done npm run wp-env stop ``` ### Health Score 48 — FairBetter than 95% of packages Maintenance77 Regular maintenance activity Popularity41 Moderate usage in the ecosystem Community18 Small or concentrated contributor base Maturity47 Maturing project, gaining track record Bus Factor1 Top contributor holds 83.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~49 days Recently: every ~66 days Total 22 Last Release 241d ago PHP version history (3 changes)0.0.1PHP >=7.4 || ^8.0 0.0.4PHP >=7.4 || ^8.0 || ^8.1 0.1.1PHP >=7.4 ### Community Maintainers ![](https://www.gravatar.com/avatar/33212bff2915bd72792772a2d3203abe0402352b6be6ba65081036f10560c6e6?d=identicon)[justlevine](/maintainers/justlevine) --- Top Contributors [![justlevine](https://avatars.githubusercontent.com/u/29322304?v=4)](https://github.com/justlevine "justlevine (224 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (37 commits)")[![jasonbahl](https://avatars.githubusercontent.com/u/1260765?v=4)](https://github.com/jasonbahl "jasonbahl (2 commits)")[![kidunot89](https://avatars.githubusercontent.com/u/13604318?v=4)](https://github.com/kidunot89 "kidunot89 (1 commits)")[![imjlk](https://avatars.githubusercontent.com/u/67102441?v=4)](https://github.com/imjlk "imjlk (1 commits)")[![ArkDouglas](https://avatars.githubusercontent.com/u/116569026?v=4)](https://github.com/ArkDouglas "ArkDouglas (1 commits)")[![alexookah](https://avatars.githubusercontent.com/u/9624843?v=4)](https://github.com/alexookah "alexookah (1 commits)") --- Tags authenticationgraphqlhacktoberfestheadlessheadless-wordpressjwtloginoauth2ssowordpresswordpress-pluginwp-graphqlwpgraphql ### Code Quality Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/axepress-wp-graphql-headless-login/health.svg) ``` [![Health](https://phpackages.com/badges/axepress-wp-graphql-headless-login/health.svg)](https://phpackages.com/packages/axepress-wp-graphql-headless-login) ``` ### Alternatives [google/auth Google Auth Library for PHP 1.4k272.7M162](/packages/google-auth)[thenetworg/oauth2-azure Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2509.6M48](/packages/thenetworg-oauth2-azure)[stevenmaguire/oauth2-keycloak Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2275.9M27](/packages/stevenmaguire-oauth2-keycloak)[robsontenorio/laravel-keycloak-guard 🔑 Simple Keycloak Guard for Laravel 5161.1M3](/packages/robsontenorio-laravel-keycloak-guard)[patrickbussmann/oauth2-apple Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client 1132.5M6](/packages/patrickbussmann-oauth2-apple)[socialiteproviders/microsoft Microsoft OAuth2 Provider for Laravel Socialite 326.1M13](/packages/socialiteproviders-microsoft) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)