=== Edel Auth for Supabase ===
Contributors: edelhearts
Tags: supabase, authentication, login, membership, google-login
Requires at least: 5.8
Tested up to: 6.9
Stable tag: 1.0.2
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Connect your WordPress site to Supabase Authentication. Securely manage members with Supabase while keeping WordPress admins separate.

== Description ==

This plugin integrates **Supabase Authentication** into your WordPress site, providing a secure, scalable, and modern membership system.
It allows you to completely separate "Site Administrators" (who use WordPress native auth) from "General Users" (who use Supabase auth).
This ensures your `wp-admin` remains secure while offering a seamless login experience for your customers.

### Full Setup Guide
We have prepared a comprehensive guide to help you through the process, including Google Cloud Platform configuration and Supabase settings:
https://edel-hearts.com/edel-auth-for-supabase-guide/?display_lang=en

### Key Features

* **Supabase Authentication:** Support for Email/Password, Magic Links (Passwordless), and Social Login (Google).
* **Auto Synchronization:** Users created in Supabase are automatically synced to WordPress as subscribers upon login.
* **Logout Synchronization:** Logging out of WordPress automatically triggers a sign-out from Supabase to ensure session consistency.
* **User Deletion Sync:** Deleting a user in WordPress automatically removes the corresponding user from Supabase (Requires Service Role Key).
* **Secure Admin Separation:** Administrators are blocked from logging in via the frontend forms to prevent privilege escalation attacks.
* **Smart Password Reset:** Automatically detects if a user registered via Google and guides them to use the "Log in with Google" button instead of sending a reset email.
* **Welcome Emails:** Sends customizable "Welcome" emails directly from WordPress upon successful registration. Custom Sender Name and Email are supported.
* **Keep Alive (Maintenance):** Automatically accesses Supabase once a day to prevent free projects from pausing due to inactivity.
* **Developer Friendly:** Includes hooks for customizing user roles and syncing additional metadata.

### Why use this plugin?
Unlike other plugins that sync the entire database, **Edel Auth for Supabase** authenticates users via the Supabase API on the frontend and only creates a WordPress user session when necessary.
This keeps your WordPress database clean and your site fast.

== Installation ==

1.  Upload the plugin files to the `/wp-content/plugins/edel-auth-for-supabase` directory, or install the plugin through the WordPress plugins screen directly.
2.  Activate the plugin through the 'Plugins' screen in WordPress.
3.  Go to **Settings > Edel Auth (Supabase)**.
4. For a step-by-step walkthrough of the API and Google Login setup, refer to our official guide:
https://edel-hearts.com/edel-auth-for-supabase-guide/?display_lang=en

### Supabase Setup (Required)

1.  Log in to your [Supabase Dashboard](https://supabase.com/dashboard).
2.  Go to **Project Settings > API**.
3.  Copy the **Project URL**, **anon public key**, and **service_role secret**.
4.  Paste these credentials into the plugin settings page in WordPress.
* *Note: The `service_role` key is stored securely and used for administrative tasks like checking Google users, syncing user deletions, or the "Keep Alive" feature.*

### Email Setup (Optional)

You can configure the plugin to send a "Welcome Email" from WordPress upon new user registration.
Go to **Settings > Edel Auth (Supabase)** and configure the **Welcome Email Settings** section.
You can specify the Sender Name, Sender Email, Subject, and Body content.

### Maintenance Settings (Optional)

If you are using Supabase's Free Plan, projects may be paused after 7 days of inactivity.
Enable **"Keep Alive"** in the settings to have WordPress automatically access your Supabase project once a day, preventing it from pausing.

== Frequently Asked Questions ==

= How do I remove the "Powered by Supabase" text from Supabase emails? =
This text is automatically added by Supabase if you are using their built-in email service.
To remove it, you must configure **Custom SMTP** in your Supabase Project Settings.
Once configured, you can edit the Email Templates to remove the footer.

= Does this plugin sync users to the WordPress database? =
Yes, but efficiently.
A WordPress user record is created (or updated) only when a user successfully logs in via Supabase.
This ensures that users exist in WordPress for compatibility with other plugins (like WooCommerce or membership plugins), but authentication is handled by Supabase.

= Does logging out of WordPress log me out of Supabase? =
Yes.
The plugin detects the WordPress logout action and triggers a sign-out request to Supabase on the frontend, ensuring both sessions are terminated.

= What happens if I delete a user from WordPress? =
If you have configured the **Service Role Key** in the settings, deleting a user from the WordPress admin screen will also delete the corresponding user from your Supabase project.

= What happens if a Google-registered user tries to reset their password? =
The plugin's "Smart Check" feature detects that the email is associated with a Google provider.
Instead of sending a reset email (which wouldn't work), it displays a helpful message advising the user to log in with Google.

= Can Administrators log in via the Supabase form? =
No. For security reasons, users with `administrator` privileges are blocked from logging in via the frontend Supabase forms.
Admins should continue using the default `/wp-login.php` or `/wp-admin`.

= Where can I find the Redirect URL for Google Login? =
If you use Google Login, you need to add your site's URL to the **Redirect URLs** in Supabase (Authentication > URL Configuration).
Usually, this is just your site's home URL (e.g., `https://example.com`).

== For Developers ==

You can customize the plugin behavior using the following hooks in your theme's functions.php:

1. Filter Hook: eafs_user_role
This filter allows you to dynamically change the WordPress user role based on the Supabase provider (e.g., assigning a 'contributor' role to users who log in via Google).

2. Action Hook: eafs_after_user_sync
This action triggers after a user is successfully synced from Supabase to WordPress. It is ideal for updating additional user metadata, such as syncing the display name or recording the last login timestamp.

== Shortcodes ==

* `[eafs_login]` - Displays the login form.
* `[eafs_register]` - Displays the registration form.
* `[eafs_forgot_password]` - Displays the password reset request form.
* `[eafs_update_password]` - Displays the new password entry form (for the reset flow).
* `[eafs_logout]` - Displays a logout button (only visible to logged-in users).

== Changelog ==

= 1.0.2 =
* Updated documentation link and developer hooks instructions.
* Fixed code block formatting issues in readme.

= 1.0.1 =
* Fixed file naming issues and updated branding.

= 1.0.0 =
* Initial release.