=== Gatey - Login & SSO with Amazon Cognito === Contributors: smartcloud Tags: cognito, login, user management, mfa, sso Requires at least: 6.7 Tested up to: 6.8 Requires PHP: 8.1 Stable tag: 1.2.2 License: MIT License URI: https://mit-license.org/ Text Domain: gatey Drag-and-drop Amazon Cognito integration for WordPress: 22-language Authenticator screens, SSO, MFA, secure API access, and more—in minutes. == Description == Gatey provides a seamless integration with Amazon Cognito for secure, scalable authentication in WordPress. This plugin supports both dynamic WordPress sites and statically generated WordPress frontends. Key features include: - Amazon Cognito user pool login and registration - SSO support with customizable pages - Gutenberg block and Elementor shortcode support - Multi-factor authentication (MFA) - Profile editing and password reset features - Secure API access with JWT or AWS IAM Signature authorization - Role-based access control - Fully translatable Authenticator screens — 22 built-in languages plus a custom-JSON option for overriding any string or adding new languages You can find the plugin’s continuously expanding, detailed documentation at: [WP Suite - Gatey](https://wpsuite.io/gatey/docs/ “Gatey Docs”) What’s on the site? - Get Started guide — quick start, installation, first‑time setup. - CSS/JS references — components, API, usage examples. - Creating User Pools — step‑by‑step instructions with AWS CloudFormation / CDK scripts. - Protecting static sites — full tutorial with point‑by‑point walkthroughs and AWS scripts. This plugin is not affiliated with or endorsed by Amazon Web Services or the WordPress Foundation. All trademarks are property of their respective owners. == Free and Premium Usage Notice == Gatey works entirely offline and provides full login and registration functionality via your WordPress installation without requiring any registration or subscription. Optional premium features (like advanced customization or frontend integrations) are only available after connecting your WordPress instance via a secure frontend-only JavaScript authenticator to our Gatey service. Registration and subscription are not required to use the core plugin functionality. All premium interactions happen client-side using standard AWS Amplify and Stripe components – no external PHP code is loaded or executed. == Installation == Upload the plugin files to the /wp-content/plugins/gatey directory, or install via the WordPress plugin repository. Activate the plugin through the “Plugins” screen in WordPress. Navigate to WP Admin > Gatey > Settings to configure your AWS Cognito user pool and integration settings. == Frequently Asked Questions == = What is Gatey? = Gatey is a WordPress plugin that lets you integrate AWS Cognito authentication into your site — using Gutenberg blocks, shortcodes, or CSS. No coding required. = Is my user data stored or processed by Gatey? = No. All authentication runs through your own AWS Cognito setup. Gatey simply integrates it into WordPress. We do not access or store your end‑user data. = Is my data shared with any third party? = Gatey never shares your personal data or WordPress site data with any third party. Authentication flows run directly between your site and your AWS Cognito user pool. If you enable premium features, subscription management is handled securely via Stripe using hosted forms and client‑side JavaScript. No payment data is stored or processed by Gatey. = Do I need AWS or Cognito knowledge to use it? = Basic AWS Cognito setup is needed (e.g. user pool, app client). But the plugin handles all frontend logic — sign‑in, sign‑up, MFA, attribute access — visually. = Can I show or hide content based on the logged‑in user? = Yes. You can use shortcodes or CSS variables like --gatey-account-group-admin or --gatey-account-attribute-email to control visibility. = Is Gatey compatible with my theme? = Yes. It works with all WordPress themes and builders like Elementor, using Gutenberg blocks or shortcodes. = Do I need to register or subscribe to use Gatey? = No. Gatey works fully offline out of the box and requires no registration or subscription to function. You can configure your AWS Cognito user pool directly inside WordPress and use login, registration, MFA, and profile features without ever connecting to wpsuite.io. Premium features are entirely optional and only become available after connecting your site using secure client‑side JavaScript. = What’s the difference between plans? = Free includes all core blocks, but frontend customizations are hidden. Basic shows custom blocks on live pages. Professional unlocks social login, JWT/IAM‑secured APIs, and advanced Gatey control. = Where are the subscription-based configuration files stored, and how often are they refreshed? = All Pro settings you create in the Gatey Settings—API Settings, custom Form Fields—are saved server-side and, whenever you hit Save, an encrypted copy is written to your site’s wp-content/uploads/ folder. The small licence file needed to decrypt that config are also stored in uploads. A licence is valid for one month, so the plugin automatically downloads a fresh file every seven days while your subscription is active. If you run a static export, you’ll still need that weekly refresh (a short tutorial covers this topic), but a normal WordPress install handles it for you automatically. = Can I cancel or upgrade later? = Yes, at any time. The plugin will still work in Free mode, and your site’s blocks won’t break — only premium features will deactivate. == Screenshots == Drag‑and‑drop Sign‑in block in the Gutenberg editor Drag-and-drop **Sign-in** block in the Gutenberg editor (Arabic, RTL view) Account attribute shown for a logged‑in user User profile form with attribute editing Custom Sign-in screen overridden with WordPress blocks Custom Sign‑up form rendered on a live page Custom Setup TOTP device form rendered on a live page Admin settings page showing the Gatey configuration wizard == External Services == This plugin integrates with the following third-party services: 1. **Amazon Cognito** - **What it is & what it’s used for:** A managed user-identity and authentication service from Amazon Web Services (AWS). We use Cognito User Pools to handle user registration, login, multi-factor authentication (MFA), password resets, and JWT issuance. - **What data is sent & when:** - **Registration / Sign-up:** username, email, and any required attributes are sent to Cognito for account creation. - **Sign-in / Authentication:** username and password (and MFA code if enabled) are sent to Cognito for verification. - **Token exchange:** on successful login, Cognito returns ID, access, and refresh tokens which are stored client-side for session management. - **Password reset & profile updates:** relevant identifiers and new credentials or attributes are sent when users trigger those flows. - **Endpoints called:** - `https://cognito-idp.{region}.amazonaws.com/{userPoolId}` - Other AWS API endpoints under the `amazonaws.com` domain. - **Links:** - Terms of Service: https://aws.amazon.com/service-terms/ - Privacy Policy: https://aws.amazon.com/privacy/ 2. **Google reCAPTCHA v3** - **What it is & what it’s used for:** A client-side bot-detection widget from Google that provides a score for interactions. We integrate reCAPTCHA v3 into the Authenticator block’s sign-up form by fetching a token in the browser. - **What data is sent & when:** - **Client-side only:** the plugin’s JS calls `grecaptcha.execute()` to retrieve a reCAPTCHA token and then includes that token in the sign-up request sent to Amazon Cognito. - **Server-side verification:** only happens if *you* configure a Pre-SignUp Lambda in your Cognito user pool that calls Google’s `siteverify` API with your secret key. That Lambda is wholly under your control—Gatey does *not* handle or store your secret. - **Configuration in WordPress:** - Enter your **reCAPTCHA v3 Site Key** in **Settings → General → reCAPTCHA v3 Public Key**. - No Secret Key is required by the plugin. - **Links:** - About reCAPTCHA v3: https://www.google.com/recaptcha/about/ - Google Terms of Service: https://policies.google.com/terms - Google Privacy Policy: https://policies.google.com/privacy == Client-Side Libraries == 1. **AWS Amplify Authenticator** - **What it is & why we use it:** A React UI component library from the Amplify Framework. We embed its `` component inside our Gutenberg block to render and manage the login/signup flows. - **What it does:** - Renders sign-in, sign-up, MFA, and password-reset forms. - Under the hood it calls the Amazon Cognito APIs (see External Services entry), but **does not** itself authenticate or store secrets. - **Docs & source:** - GitHub repo: https://github.com/aws-amplify/amplify-ui - Docs: https://ui.docs.amplify.aws/react/connected-components/authenticator == Trademark Notice == Amazon Web Services, AWS, and Amazon Cognito are trademarks of Amazon.com, Inc. or its affiliates. Gatey is an independent open-source project and is **not affiliated with, sponsored by, or endorsed by Amazon Web Services**. All references to “Amazon Cognito” are made purely to describe this plugin’s interoperability. == Source & Build == **Public (free) source code:** All of the code that ships in this public ZIP (the “free” version) is published here: https://github.com/smartcloudsol/gatey **Premium-only features:** We maintain a fork of the AWS Amplify Authenticator (with Edit Account, Setup TOTP, etc.) and any additional paid-only screens and services in a private repository. Those files are not part of this public source. == Changelog == = 1.2.2 = Added “**Auto (by language)**” to the Direction setting: the Authenticator now switches to RTL for Arabic or Hebrew and stays LTR for all other languages. You can still override this at any time by selecting **LTR** or **RTL** explicitly. = 1.2.1 = Added a Custom Translations URL field under Gatey › Settings › General. Point it to a JSON file to override any of the 22 built-in languages—or add completely new languages—without touching the code. = 1.2.0 = The front-end Authenticator screens are now fully localised: choose from 22 languages and switch text direction (LTR / RTL) as needed. = 1.1.2 = Refined the Settings screen: subscription-management actions now appear only for users who have permission to manage the site’s active plan. = 1.1.1 = Added the JavaScript chunks that were accidentally left out of 1.1.0; all blocks and admin screens now load correctly. = 1.1.0 = New on-disk configuration system eliminates all front-end config downloads. Config + weekly licence file now live in the WordPress uploads folder (static exports still refresh the licence weekly). Because downloads are gone, **all plans are now flat-priced—there is no longer any “Additional Usage” charge**. The admin screen makes it clear whether the site is linked to a WPSuite workspace and whose workspace it is. = 1.0.5 = Added new style controls (typography, spacing, colours, etc.) to the Account Attribute block and fixed a configuration-loading bug that could prevent the admin UI from appearing. = 1.0.4 = Authenticator block: added optional trigger‑button properties — render a button first, and open the Authenticator only after users click it. Perfect for building lean profile pages (see updated Get Started guide). Account block: now supports full Gutenberg styling controls — alignment, custom HTML tag, box‑shadow, spacing (margin/padding), min‑height, typography (font‑size, line‑height, text‑align) and color (background & text). = 1.0.3 = Bumped the Authenticator block version to invalidate cached frontend assets—ensures the updated view.js is loaded. No functional changes. = 1.0.2 = Pro features for an already‑connected site can now be edited even if the WordPress administrator is not logged in to wpsuite.io. Fixed [gatey] shortcode: the screen, variation, and colormode attributes are now honoured (previously only the pattern defaults were shown). = 1.0.1 = Authenticator block: added optional “Signing in”, “Signing out” and “Redirecting” message fields, so you no longer need to listen for gatey‑authenticator events for basic feedback. Defaults are empty. = 1.0.0 = Initial release. == Upgrade Notice == = 1.2.2 = Update to get automatic text-direction handling, with the option to force LTR or RTL manually whenever you need. = 1.2.1 = After updating, head to Settings › General to supply your own translation-JSON URL and tailor the Authenticator text in any language you need. = 1.2.0 = After updating, open the Authenticator block or shortcode attributes to pick your preferred language and direction—no more English-only UI. = 1.1.2 = Update to hide subscription controls from non-authorised admins and keep the Settings menu clean. = 1.1.1 = This update only restores missing JS assets. Install it to ensure every Gatey block and the admin UI work as expected. = 1.1.0 = After updating, config and licence files are stored locally, the admin panel shows clearer linkage details, and pricing is simpler: every plan is pay-once with no extra usage fees. = 1.0.5 = This update restores the admin interface and unlocks extra styling options for the Account Attribute block; review the block’s settings to fine-tune its appearance after upgrading. = 1.0.4 = New trigger‑button option for the Authenticator block and full Gutenberg style support in the Account block. Update to simplify profile‑page layouts and unlock richer styling options. = 1.0.3 = This release only bumps the Authenticator block version to refresh cached view.js assets. No functional changes—safe to update immediately. = 1.0.2 = You can now edit Pro feature settings for a connected site without logging in to wpsuite.io. The release also fixes the [gatey] shortcode so that screen, variation, and colormode attributes work as expected. = 1.0.1 = You can now customise the messages shown while users are signing in, signing out, or being redirected. Leave the new fields blank to keep the previous silent behaviour, or remove any custom JavaScript listeners you added for the corresponding events. = 1.0.0 = Initial stable release.