=== OLSA OAuth Login ===
Contributors: olsa
Tags: oauth, oauth2, login, sso, authentication
Requires at least: 6.0
Requires PHP: 7.4
Stable tag: 1.5.1
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Login to WordPress with OLSA using OAuth2 Authorization Code flow.

== Description ==

OLSA OAuth Login lets another WordPress site authenticate users against your OLSA platform using OAuth2 Authorization Code flow.

Features:
- Automatic callback URL generation
- Admin settings page for OAuth credentials
- Connection test for OAuth endpoints
- Automatic "Login with OLSA" button on the default WordPress login screen
- Login button shortcode
- Widget support
- Dynamic block support
- Automatic WordPress user creation and sign-in by email

Default endpoints used:
- /oauth/authorize
- /oauth/token
- /api/oauth/userinfo

== Installation ==

1. Copy the `olsa-oauth-login` folder into `wp-content/plugins/`.
2. Activate **OLSA OAuth Login** in **Plugins**.
3. Go to **Settings -> OLSA OAuth Login**.
4. Enter the OLSA Base URL, Client ID, and Client Secret.
5. Copy the displayed callback URL and register it in your OLSA OAuth client.

== Frequently Asked Questions ==

= What base URL should I use? =

Use the root URL of your OLSA app, for example `https://your-domain/olsa2`.
Do not add `/oauth`, `/api`, or `/public`.

= How do I place the login button? =

Use the shortcode:

`[olsa_login_button]`

You can also customize the text:

`[olsa_login_button text="Login with OLSA"]`

= Does it create WordPress users automatically? =

Yes. If the authenticated OLSA email does not already exist in WordPress, a new user is created automatically.

== Changelog ==

= 1.5.1 =
- Packaged download ZIP with files at ZIP root (no nested plugin folder)
- Kept plugin structure flat with all files in root level

= 1.4.9 =
- Added one-click plugin update button in About OLsA tab
- Plugin now reads update metadata from OLSA server and auto-installs latest package
- Published update channel files under /downloads on OLSA server

= 1.4.8 =
- Added Sync button next to OLSA Base URL field to auto-populate Client ID and Client Secret
- New OLSA backend endpoint POST /api/wordpress/register creates an OAuth2 client automatically

= 1.4.7 =
- Settings page now shows a visible plugin version badge near the title
- About tab heading is now dynamic: "About {Plugin Name}"

= 1.4.6 =
- About OLsA intro now uses dynamic plugin name from plugin header
- Completes metadata-driven branding text in settings UI

= 1.4.5 =
- About and settings footer now read Author and Author URI dynamically from plugin header
- Added Author URI plugin header metadata for fully metadata-driven branding card

= 1.4.4 =
- About OLsA branding panel now reads plugin name dynamically from plugin header
- Keeps version display dynamic from plugin header as introduced previously

= 1.4.3 =
- About OLsA branding panel now reads plugin version dynamically from plugin header
- Removes need to manually update version text in the settings UI

= 1.4.2 =
- Added a new "Plugin Branding" panel in the About OLsA tab
- Displays bundled OLSA logo preview, plugin version, and linked author profile

= 1.4.1 =
- Embedded OLSA PNG logo inside plugin assets for portable uploads
- Display logo on settings page and login buttons
- Updated settings-page author credit to link to https://www.zakariaralimam.com

= 1.4.0 =
- Added tabbed plugin settings UI with three main tabs: Connect, Test, and About OLsA
- Improved settings page organization for easier setup and diagnostics

= 1.3.5 =
- Switched login-page OAuth start to `wp-login.php?action=olsa_oauth_start` for improved compatibility
- Avoids front-end query and `/wp-admin/*` interception edge cases on hardened WordPress setups

= 1.3.4 =
- Fixed `wp-login.php` button flow for sites that block guest access to `/wp-admin/*`
- Login-page button now starts OAuth via a public front-end query endpoint

= 1.3.3 =
- Improved login-page button behavior by using a dedicated OAuth start endpoint for `wp-login.php`
- Keeps nonce-protected OAuth start flow for shortcode/widget/block buttons

= 1.3.2 =
- Automatically displays the OLSA login button on the default `wp-login.php` screen when OAuth settings are configured

= 1.3.1 =
- Fixed OAuth config test result logic: authorize endpoint HTTP 5xx now correctly fails the check
- Added stricter test handling for token/userinfo endpoint server errors

= 1.3.0 =
- Added OAuth endpoint connection test in settings
- Added callback URL copy helper
- Added shortcode, widget, and block login button support
- Added automatic WordPress user creation and login
