This document explains how to configure each social login provider (Google, Facebook, LinkedIn, Naver, Kakao, LINE) in the Simple Easy Social Login (SESLP) plugin.
All sign-ins are based on OAuth 2.0 / OpenID Connect (OIDC).
You must create an app (client) in each providerβs console and enter the Client ID / Client Secret in SESLP.
https://{your-domain}/?social_login={provider}
Examples:
https://example.com/?social_login=googlehttps://example.com/?social_login=facebookhttps://example.com/?social_login=linkedinhttps://example.com/?social_login=naverhttps://example.com/?social_login=kakaohttps://example.com/?social_login=lineMost providers require HTTPS and will reject http:// redirects.
The Redirect URI in the console must match 100% with what SESLP sends (protocol, subdomain, path, trailing slash, and query string).
Some providers allow users to deny email sharing. SESLP can fall back to stable provider IDs to link accounts.
/wp-content/SESLP-debug.log/wp-content/debug.log (WP_DEBUG_LOG = true)/wp-content/SESLP-debug.log (SESLP debug log)/wp-content/debug.log (WP_DEBUG_LOG = true)[YYYY-MM-DD HH:MM:SS Z] [LEVEL] Message {"key":"value",...}
Z: UTC or WordPress local time (e.g. KST) β selectable in SESLP Settingsr********@g****.com)
1) OAuth start
[DEBUG] State created {"provider":"google","state":"906****23","ttl":"10min"}
Meaning: CSRF protection state token created. ttl is valid for 10 minutes.
2) Callback triggered
[DEBUG] Auth route triggered {"provider":"google","has_code":1}
Meaning: Callback entered. has_code:1 β OAuth code received.
3) State validation
Success:
[DEBUG] State validated {"provider":"google","state":"906****23"}
Failure:
[WARNING] State validation failed: not found/expired {"provider":"google","state":"906****23"}
4) Token exchange
[DEBUG] Token response (google) {"has_access_token":1}
Meaning: Token obtained.
Failure:
[ERROR] Token request failed (google) {"error":"..."}
5) Userinfo request
[ERROR] Userinfo request failed (google)
[WARNING] Invalid userinfo (google)
6) User linker
[DEBUG] Linker: signing in user {"user_id":45,"provider":"google","created":0}
[INFO] Login success (google) {"user_id":45,"email":"r********@g****.com"}
7) Redirect
[DEBUG] Redirect decision {"mode":"profile","user_id":45,"url":"https://example.com/wp-admin/profile.php"}
| Log Message (short) | Likely Cause | Action |
|---|---|---|
| State validation failed | Timeout, tab switch, duplicate request | Retry quickly, use private mode |
| Token request failed | Wrong client ID/secret/redirect, blocked request | Check dev console, firewall, server time |
| Userinfo invalid | Missing scope or email private | Add email, profile scope, user consent |
| User create failed | Account conflict or WordPress restriction | Check existing users, multisite rules |
| Redirect missing | Early return in code | Ensure Redirect class runs after callback |
Expand each provider below and paste the English guide content youβve prepared for that provider.
openid email profilehttps://{domain}/?social_login=google(1) HTTPS recommended/essential (Use trusted development certificates for local environments).
(2) Redirect URI must exactly match 100% the value registered in the console. Ex) https://example.com/?social_login=google
(3) In test mode, only test users can log in (up to 100 users).
(4) When using app homepage/privacy policy/terms URLs, app domains (Authorized domains) registration and ownership verification may be required.
(1) Access Google Cloud Console.
https://console.cloud.google.com/apis/credentials
(2) Select project at top β Create new project (if needed).
(3) Sidebar: go to APIs & Services β OAuth consent screen.
(4) Select User Type: usually External.
(5) Enter App Information: App name, user support email, (optional) logo.
(6) App domain section
(7) Configure Scopes
openid, email, profile(8) Add Test users (emails allowed to log in in test mode).
(9) Save.
Note: Using only the basic scopes (openid email profile) often allows operation (publishing) without review.
(1) Sidebar: APIs & Services β Credentials.
(2) Top: + Create Credentials β OAuth client ID.
(3) Application type: Web application.
(4) Enter a distinguishable Name (e.g., SESLP β Front).
(5) Add Authorized redirect URIs
https://{domain}/?social_login=google(6) Click Create, then copy the displayed Client ID / Client Secret.
(Optional) Authorized JavaScript origins are usually unnecessary for this plugin using code grant.
(1) WP Admin β SESLP Settings β Google tab.
(2) Paste Client ID / Client Secret β Save.
(3) Test with the Google login button on the site frontend.
(1) Check OAuth consent screen β Publishing status.
(2) To switch from test to production:
(3) After switching to production, all Google accounts can log in.
(1) redirect_uri_mismatch
β Occurs if the Redirect URI registered in the console and the actual request URI differ even slightly (including protocol, subdomain, slash, query). Fix to match exactly.
(2) access_denied / disallowed_useragent
β Browser/in-app environment restrictions. Retry in a regular browser.
(3) invalid_client / unauthorized_client
β Client ID/Secret typo or app status (deleted/disabled). Reissue/recheck credentials.
(4) Email is empty
β Check if email scope is included, consent screen exposure, and account email visibility/security settings. Clearly explain email permission usage in the consent screen.
Check logs:
wp-content/SESLP-debug.log (plugin debug ON)wp-content/debug.log (WP_DEBUG, WP_DEBUG_LOG = true)https://{domain}/?social_login=googlehttps://{domain}/?social_login=facebookpublic_profile, emailopenid.(1) Go to Meta for Developers β Log in
https://developers.facebook.com/
(2) Click Create App β Select a general type (e.g., Consumer) β Create app
(3) In the left sidebar, add Facebook Login from Products
(4) Go to Settings β Check the following items:
https://{domain}/?social_login=facebook(1) App Domains: example.com (the domain of the appβs policy/terms/homepage URL)
(2) Privacy Policy URL: Publicly accessible policy page
(3) Terms of Service URL: Publicly accessible terms page
(4) User Data Deletion: Provide a guideline URL or a data deletion endpoint
(5) Category / App Icon: Set appropriately, then Save
(1) The basic permissions required for standard login are public_profile; the optional email is email
(2) In most cases, email can be used without review, but there may be exceptions depending on region/account
(3) Advanced permissions such as for pages/ads require App Review and Business Verification
At the top or in the app settings area, switch App Mode: Development β Live
(1) WP Admin β SESLP Settings β Facebook
(2) Enter App ID / App Secret β Save
(3) Test with the Facebook login button on the frontend
(1) Can't Load URL / redirect_uri error
β Make sure the exact same URI is registered in Valid OAuth Redirect URIs (including protocol, subdomain, slash, query string)
(2) email null
β The user has not registered an email with Facebook or it is private. Prepare ID-based account linking logic, and clearly explain the email permission usage in the consent screen
(3) Permission-related errors
β If the requested scope exceeds the basic range, App Review/Business Verification is required
(4) Cannot switch to Live
β If the policy/terms/data deletion guideline URL is missing or not public. You must provide a public URL
https://{domain}/?social_login=linkedinopenid, profile, emailr_liteprofile, r_emailaddress).(1) Go to LinkedIn Developers Console
β https://www.linkedin.com/developers/apps
(2) Log in with LinkedIn account
(3) Click Create app
(4) Fill in required fields:
MySite LinkedIn Login(5) Click Create app
Development Mode by default β immediate testing of openid, profile, email login without publishing
(1) Go to Products tab
(2) Find Sign In with LinkedIn using OpenID Connect
(3) Click Add product β Approved instantly
(4) OIDC settings appear in Auth tab
OIDC Scopes Required
openid β ID tokenprofile β Name, photo, headlineemail β Email address(1) Navigate to Auth β OAuth 2.0 settings
(2) Add to Redirect URLs:
β https://{domain}/?social_login=linkedin
(3) Exact match required (protocol, subdomain, slash, query)
(4) Register multiple if needed:
https://localhost:3000/?social_login=linkedinhttps://staging.example.com/?social_login=linkedinhttps://example.com/?social_login=linkedin(5) Click Save
(1) In Auth tab, find:
(2) WordPress Admin β SESLP Settings β LinkedIn
(3) Paste both β Save
(4) Test with LinkedIn login button on frontend
Security:
| Scope | Description | Note |
|---|---|---|
openid |
Returns OIDC standard ID token | Required |
profile |
Name, photo, headline, etc. | Required |
email |
Email address | Required |
Legacy scopes (r_liteprofile, r_emailaddress)
(1) redirect_uri_mismatch
β URIs differ even slightly β ensure 100% match
(2) invalid_client
β Wrong ID/Secret or app inactive β recheck or regenerate
(3) email NULL
β User denied or email scope missing β explain usage in consent screen
(4) insufficient_scope
β Requested scope not approved β verify OIDC enabled
(5) OIDC not enabled
β Missing Sign In with LinkedIn using OpenID Connect in Products
Logs:
/wp-content/SESLP-debug.log/wp-content/debug.logopenid profile email (no legacy scopes)Note:
https://{domain}/?social_login=navername), Email (email)(1) Go to Naver Developer Center
β https://developers.naver.com/apps/
(2) Log in with Naver account
(3) Click Application β Register Application
(4) Fill in required fields:
MySite Naver LoginNaver Login (λ€μλ‘)https://example.comhttps://example.com/?social_login=naver(5) Agree to terms β Register
Note:
(1) Go to My Applications
(2) Click the app β copy Client ID and Client Secret
(1) WP Admin β SESLP Settings β Naver
(2) Paste Client ID / Client Secret
(3) Ensure Redirect URI matches exactly: https://{domain}/?social_login=naver
(4) Save β Test with Naver login button on frontend
| Data | Scope | Note |
|---|---|---|
| Name | name |
Default |
email |
Default | |
| Gender, Birthday | Separate | Review required |
email = null β use ID-based linking(1) Redirect URI mismatch
β Even slight difference β ensure 100% match
(2) HTTP error
β Must use HTTPS
(3) Subdomain error
β Register each subdomain separately
(4) email NULL
β User declined or private β prepare ID-based logic
(5) Review needed
β Basic login: no review
β Additional data: review required
Logs:
/wp-content/SESLP-debug.log/wp-content/debug.logNote:
name, email) is available without review.https://{domain}/?social_login=kakaoprofile_nickname, profile_image, account_emailaccount_email available only after identity or business verification(1) Go to Kakao Developers
β https://developers.kakao.com/
(2) Log in β My Applications β Add New App
(3) Enter:
(4) Save
(1) Product Settings > Kakao Login
(2) Toggle Enable Kakao Login β ON
(3) Register Redirect URI
https://{domain}/?social_login=kakao(4) Domain must match Platform site domain
(1) Consent Items
(2) Add and configure:
| Scope | Description | Consent Type | Note |
|---|---|---|---|
profile_nickname |
Nickname | Required/Optional | Basic |
profile_image |
Profile Image | Required/Optional | Basic |
account_email |
Optional | Verification required |
(3) Clearly state purpose for each
(4) Save
Note: Sensitive scopes require verification
(1) App Settings > Platform
(2) Register Web Platform
(3) Site Domain: https://{domain}
(4) Save β Must match Redirect URI domain
(1) Product Settings > Security
(2) Use Client Secret β ON
(3) Generate Secret β Copy value
(4) Activation Status β Active
(5) Save
Important: Must activate after generation
(1) App Keys
(2) Copy REST API Key β Use as Client ID
(1) WP Admin β SESLP Settings β Kakao
(2) Client ID = REST API Key
Client Secret = Generated Secret
(3) Save
(4) Test with Kakao Login Button
(1) redirect_uri_mismatch β 100% match required
(2) invalid_client β Secret not activated or typo
(3) email empty β User declined or unverified
(4) Domain mismatch β Platform vs Redirect URI
(5) HTTP forbidden β HTTPS only
Logs:
/wp-content/SESLP-debug.log/wp-content/debug.loghttps://{domain}/?social_login=lineopenid, profile, email(1) Access LINE Developers Console
β https://developers.line.biz/console/
(2) Log in with LINE Business Account (personal account not allowed)
(3) Click Create a new provider β Enter name β Create
(4) Under the provider β Channels tab
(5) Select Create a LINE Login channel
(6) Configure:
LINE LoginSouth Korea, Japan)(7) Agree to terms β Create
(1) Go to OpenID Connect in left menu
(2) Click Apply next to Email address permission
(3) Fill out application:
(4) email scope works only after approval
β Approval usually takes 1β3 business days
(1) Go to LINE Login in left menu
(2) Enter Callback URL:
β https://{domain}/?social_login=line
(3) Exact match required:
https:// (HTTP not allowed)(4) Click Save
(5) Change channel status to Published
(1) Channel top or Basic settings
(2) Channel ID β SESLP Client ID
Channel Secret β SESLP Client Secret
(1) WP Admin β SESLP Settings β LINE
(2) Client ID β Channel ID
Client Secret β Channel Secret
(3) Save
(4) Test with LINE login button on frontend
(1) redirect_uri_mismatch β Even slight difference causes error β 100% match
(2) invalid_client β Secret typo or not Published
(3) email NULL β Email permission not approved or user declined
(4) HTTP not allowed β HTTPS required (localhost HTTPS OK)
(5) Development mode limit β Only test accounts can log in
Logs:
/wp-content/SESLP-debug.log/wp-content/debug.logNote: SESLP fully supports