The Simple Membership plugin supports content protection.
When you log into WordPress using the Simple Membership login shortcode, the user can see content, based on their membership level.
Currently, when the user logs in (using the “Login via Passkey” button) the user is authenticated to the site, but they are not able to view any of the protected content.
Simple Membership uses its own login system separate from WordPress. However, it may be possible to bridge the two after a passkey login by using the secure_passkeys_login_redirect_url filter. That filter is called after a successful Secure Passkeys login.
That filter could call Simple Membership’s SwpmAuth class and use:
SwpmAuth->login_to_swpm_using_wp_user( $user )
to log the matching WordPress user into Simple Membership as well.
Agreed.
Claude Cowork offered-up (2) possible solutions for creating a bridge/integration between “Secure Passkey” and “Simple Membership”:
Path A — Flip the default filter value from FALSE to TRUE
Because Simple Membership is already listening on wp_login, the simplest possible integration is to tell Secure Passkeys to fire it. A single filter return value is enough.
add_filter(
'secure_passkeys_web_authn_validate_user_sign_in_enable_wp_login',
'__return_true'
);
Path B — An Explicit Bridge between the two plugins
If the site owner would rather not fire wp_login globally from the passkey flow, the same result can be achieved by hooking Secure Passkeys’s own custom action and calling the SWPM bridge directly. This is also the path to pick when there is non-trivial logic to run — for example, vetoing passkey logins for suspended Simple Membership accounts.
add_action( 'secure_passkeys_web_authn_sign_in', function ( $user ) {
if ( ! class_exists( 'SwpmAuth' ) ) { return; } // SWPM not loaded
$swpm = SwpmAuth::get_instance();
if ( $swpm->is_logged_in() ) { return; } // already bridged
$swpm->login_to_swpm_using_wp_user( $user );
}, 20, 1 );
As for me, I’m leaning towards Path B. An in-depth Integration report can be found here.
@mengelsen @amanandhishoe
I’ll review this and consider adding support in a future release.
For now, you can use the solution suggested above using filters and hooks, as it resolves your issue and makes it compatible with your setup.
Thank you
@endisha, can you tell me why wp_login (specifically:secure_passkeys_web_authn_validate_user_sign_in_enable_wp_login')
has a default value of FALSE (__return_false)?
Is there a security concern with having this value set to TRUE?
@mengelsen
Most 2FA plugins use wp_login action, which can cause login issues. In Secure Passkeys release 1.2.4 we added a secure_passkeys_web_authn_validate_user_sign_in_enable_wp_login filter that is disabled by default. If you need it in your case, you can enable it as needed.
Thread: https://ww.wp.xz.cn/support/topic/can-2fa-work-alongside-passkeys/
Thanks
