=== Antirius Auth Cloud ===
Contributors: antirius
Tags: login, authentication, telegram, whatsapp, messenger, bot, passwordless
Requires at least: 5.8
Tested up to: 6.7
Requires PHP: 7.4
Stable tag: 1.0.20
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Replace your WordPress login form with messenger-based authentication via Telegram, WhatsApp, or MAX.

== Description ==

Antirius Auth Cloud replaces the standard wp-login.php form with messenger authentication. Users confirm login through a Telegram, WhatsApp, or MAX bot.

**How it works:**

1. The login page loads Auth Cloud **widget.js** and runs **AuthBotsWidget.init** with your site settings.
2. The user scans a QR code or opens a messenger link and confirms login in the bot.
3. The widget reports success; the plugin verifies the JWT (JWKS) and signs the user into WordPress.

**Features:**

* Replaces wp-login.php with the Auth Cloud widget.
* JWT verification via JWKS public key (RS256).
* Optional auto-create WordPress users on first login.
* Configurable default role for new users.
* Match existing users by phone number only (WordPress user meta `phone`).
* Password fallback link on the messenger screen **enabled by default**; admins can hide it with an explicit opt-out checkbox.
* Emergency access to the standard WP login form with **?abc_bypass=1** (always available).
* Admin phone binding before phone-only matching is enforced.
* No Composer dependencies.

**Requirements:**

* An Antirius Auth Cloud account and application — [id.antirius.com](https://id.antirius.com).
* At least one messenger bot configured (Telegram, WhatsApp, or MAX).

== Installation ==

1. Upload the `antirius-auth-cloud` folder to `/wp-content/plugins/`.
2. Activate the plugin through the **Plugins** menu.
3. Go to **Settings → Antirius Auth Cloud**.
4. Enter your Antirius Auth Cloud URL and Application ID.
5. Bind the administrator phone if prompted (recommended for phone matching).
6. Visit your login page — it now uses messenger authentication.

== Frequently Asked Questions ==

= How do I open the standard WordPress login form? =

Add **?abc_bypass=1** to your login URL, for example: `https://yoursite.com/wp-login.php?abc_bypass=1`

A link to this URL is shown on the messenger login screen by default. To hide only the on-screen link, check **Hide password login on messenger screen** in plugin settings.

= Does this work with WooCommerce? =

WooCommerce integration is planned for a future release.

= Is it safe? =

The plugin verifies JWT tokens using RS256 public-key cryptography via the standard JWKS endpoint. No shared secrets are stored on your server.
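The checks that RS256 verification against a JWKS key involves, also referred to in step 3 of "How it works", sketched as an added example in plain PHP with the OpenSSL extension; it is not the plugin's own code. The function names, the `demo-1` key id, the locally generated key pair and the assumption that tokens carry `kid` and `exp` are all illustrative.

```php
<?php
// Added example, not the plugin's code. The key, kid and claims are constructed.
function b64u_enc(string $s): string { return rtrim(strtr(base64_encode($s), '+/', '-_'), '='); }
function b64u_dec(string $s): string { return (string) base64_decode(strtr($s, '-_', '+/')); }
function der(int $tag, string $v): string {            // DER tag-length-value
    $n = strlen($v);
    if ($n < 0x80) return chr($tag) . chr($n) . $v;
    $b = ltrim(pack('N', $n), "\0");
    return chr($tag) . chr(0x80 | strlen($b)) . $b . $v;
}
function der_uint(string $be): string {                // unsigned big-endian bytes -> INTEGER
    $be = ltrim($be, "\0");
    return der(0x02, ($be === '' || (ord($be[0]) & 0x80)) ? "\0" . $be : $be);
}
function jwk_to_pem(array $jwk): string {              // RSA JWK (n, e) -> SubjectPublicKeyInfo PEM
    $rsa  = der(0x30, der_uint(b64u_dec($jwk['n'])) . der_uint(b64u_dec($jwk['e'])));
    $alg  = der(0x30, "\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00"); // rsaEncryption OID + NULL
    $spki = base64_encode(der(0x30, $alg . der(0x03, "\0" . $rsa)));
    return "-----BEGIN PUBLIC KEY-----\n" . chunk_split($spki, 64, "\n") . "-----END PUBLIC KEY-----\n";
}
function verify_rs256(string $jwt, array $jwks, int $now): ?array {
    $p = explode('.', $jwt);
    if (count($p) !== 3) return null;
    $hdr = json_decode(b64u_dec($p[0]), true);
    if (!is_array($hdr) || ($hdr['alg'] ?? '') !== 'RS256') return null;   // pin the algorithm
    foreach ($jwks['keys'] as $k) {                                          // key chosen by kid
        if (($k['kty'] ?? '') !== 'RSA' || ($k['kid'] ?? null) !== ($hdr['kid'] ?? null)) continue;
        $ok = openssl_verify($p[0] . '.' . $p[1], b64u_dec($p[2]), jwk_to_pem($k), OPENSSL_ALGO_SHA256);
        $c  = $ok === 1 ? json_decode(b64u_dec($p[1]), true) : null;         // claims only after sig check
        return (is_array($c) && is_int($c['exp'] ?? null) && $c['exp'] > $now) ? $c : null;
    }
    return null;                                                             // no key for this kid
}
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$rsa  = openssl_pkey_get_details($key)['rsa'];
$jwks = ['keys' => [['kty' => 'RSA', 'kid' => 'demo-1', 'n' => b64u_enc($rsa['n']), 'e' => b64u_enc($rsa['e'])]]];
$mint = function (array $h, array $c) use ($key): string {   // stands in for the auth service
    $in = b64u_enc(json_encode($h)) . '.' . b64u_enc(json_encode($c));
    openssl_sign($in, $sig, $key, OPENSSL_ALGO_SHA256);
    return $in . '.' . b64u_enc($sig);
};
$now = time(); $h = ['alg' => 'RS256', 'kid' => 'demo-1']; $c = ['sub' => 'user-1', 'exp' => $now + 60];
$p = explode('.', $mint($h, $c));
$cases = [
    'valid token'      => implode('.', $p),
    'expired'          => $mint($h, ['exp' => $now - 1] + $c),
    'alg "none"'       => b64u_enc('{"alg":"none"}') . '.' . $p[1] . '.',
    'payload replaced' => $p[0] . '.' . b64u_enc('{"sub":"admin","exp":9999999999}') . '.' . $p[2],
];
foreach ($cases as $name => $t) printf("%-17s %s\n", $name, verify_rs256($t, $jwks, $now) ? 'accepted' : 'rejected');
```

A deployed verifier would normally also compare issuer and audience claims against the configured service URL and application, if the tokens carry them; this page does not say which claims the plugin checks.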

== Changelog ==

= 1.0.20 =
* Phone-only user matching.
* Password fallback on messenger screen enabled by default; opt-out setting to hide the link.
* Legacy `show_wp_password_fallback` setting migrated when reading options.

= 1.0.18 =
* Bypass cookie and POST support for standard wp-login form after `?abc_bypass=1`.
