> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn how to extend the Login by Auth0 WordPress Plugin with hooks, filters, and functions.

# Extend Login by Auth0 WordPress Plugin

WordPress plugins can be extended to fit your specific requirements by using actions and filters to run custom code at specific points during runtime. This document outlines the existing hooks in the Login by Auth0 plugin. We're happy to review and approve new filters and actions that help you integrate even further in this plugin. To learn more, read the Contributing section in the [`README` in the plugin's GitHub repository](https://github.com/auth0/wordpress?tab=readme-ov-file#contributing).

## WordPress Actions

WordPress Actions run custom code at specific points during processing. To learn more about WordPress Actions, read [WordPress Plugin Handbook: Actions on wordpress.org](https://developer.wordpress.org/plugins/hooks/actions/).

### auth0\_before\_login

This action runs in `WP_Auth0_LoginManager` after a user has been authenticated successfully but before they have been logged into WordPress. It can be used to stop the login process if needed using `wp_die()` or throwing an exception.

### auth0\_user\_login

This action runs in `WP_Auth0_LoginManager` after a user has been authenticated successfully and logged into WordPress. It can be used to set specific meta values, send notifications, or ping other services.

### wpa0\_user\_created

This action runs in `WP_Auth0_Users` just after a WordPress user is successfully created. It can be used to change user values, set additional user metas, or trigger other new user actions.

## Filters

Filters in WordPress also run custom code at specific points during processing but always return a modified value of the same type that was passed in. To learn more about filters, read [WordPress Plugin Handbook: Filters on wordpress.org](https://developer.wordpress.org/plugins/hooks/filters/).

### auth0\_create\_user\_data

This filter can be used to modify the user data array when creating a new user in WordPress from an incoming Auth0 user. It receives 2 parameters:

* `$user_data` is the user data parsed from the Auth0 profile.
* `$userinfo` is the Auth0 user profile.

This filter should always return an array of data that will be passed to the core `wp_insert_user()` function.

### auth0\_get\_wp\_user

This filter is called after the plugin finds the related user to login (based on the auth0 `user_id`) and is used to override the default behavior with custom matching rules (for example, always match by email).

If the filter returns null, it will look up by email. To learn more, read [Integrate with WordPress](/docs/customize/integrations/cms/wordpress-plugin/integrate-with-wordpress).

### auth0\_verify\_email\_page

This filter runs in `WP_Auth0_Email_Verification` to change the HTML rendered when a user who is logging in needs to verify their email before gaining access to the site. Note that this HTML is passed to `wp_die()` where it is modified before being displayed (see the `_default_wp_die_handler()` definition in core for more information).

### auth0\_get\_auto\_login\_connection

This filter is used in `WP_Auth0_LoginManager` to modify what connection is used for the auto-login process. The setting in wp-admin is pulled and then passed through this filter.

### wp\_auth0\_get\_option

This filter is used by option-getting functions and methods to modify the output value.

### auth0\_migration\_ws\_authenticated

This filter is used in `WP_Auth0_Routes` to alter the WP\_User object that is JSON-encoded and returned to Auth0 during a user migration.

### wpa0\_should\_create\_user

This filter is used in `WP_Auth0_Users` when deciding whether a user should be created. The initial value passed in is `TRUE`. If `FALSE` is returned for any reason, registration will be rejected and the registering user will see an error message (`WP_Auth0_UsersRepo::create()`).

### auth0\_login\_css

This filter is used to modify the CSS on the login page, including the login widget itself. This filter runs before CSS is retrieved from the wp-admin settings page.

### auth0\_login\_form\_tpl

Filters the template used for the Auth0 login form. This should return a path to a file containing HTML that replaces what is in `wp-content/plugins/auth0/templates/auth0-login-form.php`. The standard Lock initiation JS looks for an ID attribute of `auth0-login-form` to instantiate the login form so make sure that's present or replace the `wp-content/plugins/auth0/assets/js/lock-init.js` file with your own.

### auth0\_settings\_fields

This filter is used to modify an existing form field or to add a new one. This should return a modified `$options` array with your changes or additions. New fields must have a field callback, as shown below.

### auth0\_auth\_scope

This filter allows developers to add or change the scope requested during login. This can be used to add [custom claims](/docs/secure/tokens/json-web-tokens/create-custom-claims) or request a <Tooltip tip="Refresh Token: Token used to obtain a renewed Access Token without forcing users to log in again." cta="View Glossary" href="/docs/glossary?term=Refresh+Token">Refresh Token</Tooltip>.

### auth0\_nonce\_cookie\_name

Use this filter to modify the cookie name used for <Tooltip tip="Nonce: Arbitrary number issued once in an authentication protocol to detect and prevent replay attacks." cta="View Glossary" href="/docs/glossary?term=nonce">nonce</Tooltip> validation. See the `auth0_state_cookie_name` filter below for an example.

### auth0\_state\_cookie\_name

Use this filter to modify the cookie name used for the state parameter value. This can add a prefix or suffix or replace the string entirely. To learn more about the state parameter, read [Prevent Attacks and Redirect Users with OAuth 2.0 State Parameters](/docs/secure/attack-protection/state-parameters).
Make sure to use valid characters in any modifications made:

`A <cookie-name> can be any US-ASCII characters except control characters (CTLs), spaces, or tabs. It also must not contain a separator character like the following: ( ) < > @ , ; : \ " / ? = { }.`

To learn more about the `Set-Cookie` HTTP response header, read [Set-Cookie in MDN Web Docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie).

### auth0\_settings\_constant\_prefix

Use this filter to change the prefix for the constant used to override plugin settings. Please note that this filter **must** run before the Auth0 plugin is loaded so it needs to be located in an MU plugin. To learn more about MU plugins, read [Must Use Plugins on wordpress.org](https://developer.wordpress.org/advanced-administration/plugins/mu-plugins/).

### auth0\_authorize\_url\_params

This filter allows developers to adjust the `/authorize` endpoint parameters as needed. The function must return a dictionary-type array of URL parameters. To learn more about how these parameters are used, read [Authentication API Explorer: Login](https://auth0.com/docs/api/authentication#login).

### auth0\_authorize\_url

This filter allows developers to adjust the complete `/authorize` URL before use. The function must return a valid URL as a string. To learn more about how this URL is used, read [Authentication API Explorer: Login](https://auth0.com/docs/api/authentication#login).

### auth0\_die\_on\_login\_output

This filter lets you modify or replace the HTML content passed to `wp_die()` when there is an error during login. This filter does not affect the verify email content (see auth0\_verify\_email\_page).

### auth0\_coo\_auth0js\_url

This filter lets you override the default CDN URL for Auth0.js when loading the COO fallback page.

### auth0\_slo\_return\_to

This filter lets you override the default `returnTo` URL when logging out of Auth0.

### auth0\_logout\_url

This filter lets you override the Auth0 logout URL. To learn more about how this is used, read [Logout](/docs/authenticate/login/logout).

### auth0\_use\_management\_api\_for\_userinfo

This filter determines whether or not user profile data retrieved from the <Tooltip tip="Management API: A product to allow customers to perform administrative tasks." cta="View Glossary" href="/docs/glossary?term=Management+API">Management API</Tooltip> should when you're not using the Implicit Login Flow. Return a boolean `true` (default) to use the API, `false` to use the <Tooltip tip="ID Token: Credential meant for the client itself, rather than for accessing a resource." cta="View Glossary" href="/docs/glossary?term=ID+token">ID token</Tooltip>.

### auth0\_lock\_options

This filter can be used to modify the options for the embedded Lock login form used in shortcodes, widgets, and on the wp-login.php page when **Features > <Tooltip tip="Universal Login: Your application redirects to Universal Login, hosted on Auth0's Authorization Server, to verify a user's identity." cta="View Glossary" href="/docs/glossary?term=Universal+Login">Universal Login</Tooltip> Page** is turned off.

### auth0\_jwt\_leeway

This filter lets you adjust the leeway time used to validate ID tokens and should return a number of seconds as an integer.

### auth0\_jwt\_max\_age

This filter lets you adjust the `max_age` URL parameter sent on the authorize URL.

### auth0\_authorize\_state

This filter lets you filter the state data before being encoded and used for login. This data will be verified after a successful login and provided as-is for use.

## Learn more

* [Integrate with WordPress](/docs/customize/integrations/cms/wordpress-plugin/integrate-with-wordpress)
* [Install Login by Auth0](/docs/customize/integrations/cms/wordpress-plugin/install-login-by-auth0)
* [Configure Login by Auth0](/docs/customize/integrations/cms/wordpress-plugin/configure-login-by-auth0)
* [Troubleshoot WordPress Plugin Invalid State Errors](/docs/customize/integrations/cms/wordpress-plugin/troubleshoot-wordpress-plugin-invalid-state-errors)