Custom Auth Pages
OEngage provides four custom WordPress pages (created on activation):
| Page | Slug | Shortcode |
|---|---|---|
| Login | /login | [oregister_login] |
| Register | /register | [oregister_register] |
| Forgot Password | /forgot-password | [oregister_forgot] |
| Reset Password | /reset-password | [oregister_reset] |
Set these pages in Settings → Pages. All WP login redirects are intercepted and point to these pages instead.
Social Login
Configure providers in Settings → Social Login.
| Provider | Required credentials |
|---|---|
| Client ID + Client Secret (Google Cloud Console) | |
| Apple | Service ID + Team ID + Key ID + .p8 private key |
| GitHub | Client ID + Client Secret (GitHub OAuth App) |
| Client ID + Client Secret (LinkedIn App) |
OAuth redirect URI for all providers: https://yoursite.com/wp-json/oregister/v1/social/callback/{provider}
Social accounts are linked to existing WP users by email match, or a new user is auto-created if registration is enabled.
Magic Link Login
POST /wp-json/oregister/v1/auth/magic-link
{ "email": "user@example.com" }Sends a single-use, 15-minute token via email. User clicks the link, the token is validated, and a WP session is created. Tokens are stored in wp_oregister_magic_tokens.
Brute Force Protection
- Default: 5 failed logins per IP in 10 minutes → 30-minute lockout
- Configurable in Settings → Security
- IP exceptions can be whitelisted in Settings