外掛標籤
開發者團隊
原文外掛簡介
The DocCheck Access plugin integrates DocCheck’s OAuth2 authentication system into your WordPress site, allowing medical professionals to log in using their DocCheck credentials.
Note: Using DocCheck Access requires the Economy or Business license model. This plugin cannot be used with the Basic license model. Please contact DocCheck for details on available license models.
Features
Adds a DocCheck login button via shortcode or automatic page-level protection
OAuth 2.0 Authorization Code flow with PKCE for secure authentication
Two authentication modes: Anonymous Session and WordPress User creation
Per-page and global content protection with role-based access control
Configurable scope and user metadata mapping
Template override support for protected pages
Hooks and filters for developers to customize behavior
External Services
This plugin connects to the following external services:
DocCheck OAuth Server (https://auth.doccheck.com)
Used to exchange the OAuth authorization code for an access token and to retrieve the authenticated user’s profile data. This connection is only made when a visitor actively clicks the DocCheck login button. Please refer to the DocCheck Privacy Policy and DocCheck Terms of Service.
DocCheck CDN (https://dccdn.de)
The DocCheck login button is a web component whose script is served from DocCheck’s CDN. It is loaded only on pages where the [docacc_login] shortcode or page-level protection is active — not on every page. Please refer to the DocCheck Privacy Policy.
No data is transmitted to any other third-party service.
Requirements
WordPress 5.0 or higher
PHP 7.2 or higher
A DocCheck OAuth client ID and client secret (obtainable from DocCheck)
General Settings
Go to Settings > DocCheck Login in your WordPress admin to configure the plugin. You can also open the settings directly from the Settings link on the WordPress plugins overview screen.
OAuth Credentials
Client ID — Your DocCheck OAuth Client ID.
Client Secret — Your DocCheck OAuth Client Secret.
Redirect URI — Auto-generated based on your site URL. Copy this value into your DocCheck application settings.
Redirection & Debug
Default Target Page — The page users land on after a successful login.
Debug Mode — Logs detailed API and authentication information. Disable on production sites.
Content Protection
Make all Pages Private — Requires DocCheck login for every page on the site.
Auto-assign Parent Configurations — Child pages automatically inherit their parent page’s protection status.
Login Button Version — Pin a specific component version (e.g. 3.2.7) or use @latest to always load the most recent version.
User Management
Authentication Modes
Anonymous Session — Users are authenticated via DocCheck but no WordPress user account is created. Data is held only for the duration of the PHP session and is not stored permanently.
WordPress User — A WordPress user account is created or linked on the visitor’s first DocCheck login. Allows persistent storage of user properties and role-based access control.
Role & Metadata
Default User Role — The WordPress role assigned to newly created DocCheck users. Only low-privilege roles (those without manage_options or edit_others_posts capabilities) are available for selection. Administrator and Editor roles cannot be assigned to DocCheck users.
Automatic User Creation — Disabled by default. In WordPress User mode, local user creation for first-time DocCheck logins must be explicitly enabled by an administrator.
Scope & Property Selection — Choose which DocCheck scopes to request and which user properties to store as WordPress user metadata.
Developer Hooks
Actions
docacc_user_created — Fires after a new WordPress user is created via DocCheck login.
Parameters: $user_id (int), $user_data (array)
docacc_user_logged_in — Fires when an existing user logs in via DocCheck.
Parameters: $user_id (int), $user_data (array)
docacc_session_created — Fires when a user is authenticated in anonymous session mode.
Parameters: $user_data (array)
Filters
docacc_map_role — Customize role assignment based on DocCheck user data.
Parameters: $current_role (string), $user_data (array), $user_id (int)
Note: roles with manage_options or edit_others_posts capabilities are silently rejected for security reasons.
docacc_protected_template — Override the template used for protected pages.
Parameters: $template (string)
docacc_is_authenticated — Override the authentication check result.
Parameters: $authenticated (bool)
docacc_user_data — Modify the DocCheck user data array before it is used.
Parameters: $user_data (array)
Template Functions
// Check if the current visitor is authenticated via DocCheck
docacc_is_authenticated(); // returns bool
// Get the authenticated user's DocCheck profile fields
docacc_get_user_data(); // returns array, empty if not authenticated
Example in a theme template:
Custom Protected Page Template
Create doccheck-protected.php in your active theme directory — the plugin uses it automatically. Or override via filter:
add_filter( 'docacc_protected_template', function( $template ) {
return get_stylesheet_directory() . '/my-protected-template.php';
} );
User Metadata Stored
In WordPress User mode, the following meta fields are stored per user (subject to selected scopes):
docacc_unique_id — DocCheck unique identifier (always stored)
docacc_profession — Profession name
docacc_country — Country ISO code
docacc_language — Interface language
first_name, last_name — Name fields
docacc_email — Email address
docacc_discipline_name — Medical discipline
docacc_activity_name — Activity type
docacc_area_code, docacc_street, docacc_city, docacc_state — Address fields
docacc_last_login — Timestamp of last DocCheck login
