Vexal Documentation by WileyLabs

Hub authentication experience

Stable

Plugin versions: Login + Workspace guard 0.3.006; Auth Experience bridges 0.3.007

Hub implements the platform Authentication Experience with Hub-owned classes. WordPress remains the credential authority.

Routes

  • /vexal-login/vexal_mode=login (default) or lost-password
  • Unauthenticated Workspace → redirect to /vexal-login/
  • wp-login.php — “Vexal Workspace Login” bridge link

Authentication vs authorization vs context

wp_signon proves identity. Hub then routes:

  • Operators → Operator Console
  • Customers with vexal_hub_access → Workspace (context still resolved there)
  • Others → site home

See Authentication layers.

Lost password

Native Hub form calls WordPress retrieve_password() only for eligible Workspace customers. Unknown / non-customer / admin requests get the same generic success response (anti-enumeration). Set-new-password remains on core WordPress; eligible customers return to /vexal-login/?password-reset=success.

Customer Admin Guard

Workspace customers (vexal_hub_access, not operator/admin) are blocked from wp-admin and the admin bar, and redirected toward Workspace.

Roadmap

  1. Phase A — Account/site selection UI for selection_required
  2. Phase B — Safe return URLs after login
  3. Phase C — Branded logout → /vexal-login/?vexal_msg=logged_out

See also