| 开发者 |
zwareonline
shinji3rd |
|---|---|
| 更新时间 | 2026年7月13日 05:40 |
| PHP版本: | 8.0 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPL-2.0-or-later |
| 版权网址: | 版权信息 |
/wp-json/zasp/v1/login/{network}/callback) for compatibility with caching plugins.
User creation: Social login creates WordPress user accounts using standard WordPress functions (wp_create_user, wp_set_auth_cookie). New accounts are assigned the role configured in Settings → Login Social (default: Subscriber). Apple identity tokens are verified against Apple's public keys before any account is created or accessed. It is strongly recommended to set the default role to Subscriber and to restrict registration via the site's General Settings if you do not wish to allow open registration.
⭐ ZASP Premium
Expand to more platforms with the ZASP Premium add-on (available at zwareonline.com):
https://graph.facebook.com, https://graph.threads.net)
Used to publish posts to Facebook Pages, Instagram Business/Creator accounts, and Threads. Called when: (a) you connect a Facebook, Instagram, or Threads account; (b) a post is published and auto-posting is enabled; (c) you share manually from the post editor.
Data sent: your Facebook Page access token, post title, post content/excerpt, post URL, and featured image (if any).
Meta Terms of Service · Meta Privacy Policy
X / Twitter API (https://api.twitter.com, https://twitter.com/i/oauth2)
Used to post tweets and to authenticate your X account via OAuth 2.0 PKCE. Called when: (a) you connect your X account; (b) a post is published and auto-posting is enabled; (c) you share manually; (d) a user logs in with X.
Data sent: your X OAuth credentials, post content, and (optionally) the featured image.
X Terms of Service · X Privacy Policy
Bluesky / AT Protocol (https://bsky.social)
Used to post to Bluesky using app passwords. Called when a post is published and auto-posting is enabled, or when you share manually from the post editor.
Data sent: your Bluesky handle, app password (used to obtain a session token), post content, and (optionally) the featured image.
Bluesky Terms of Service · Bluesky Privacy Policy
Mastodon (user-configured instance)
Used to post to the Mastodon instance you configure. Called when a post is published and auto-posting is enabled, or when you share manually. The specific API domain depends on your configured instance (e.g., https://mastodon.social).
Data sent: your Mastodon instance URL, OAuth credentials, post content, and (optionally) the featured image.
Mastodon Privacy Policy (varies by instance)
Truth Social (https://truthsocial.com)
Used to post to Truth Social via its Mastodon-compatible API. Called when a post is published and auto-posting is enabled, or when you share manually.
Data sent: your Truth Social OAuth credentials, post content.
Truth Social Terms · Truth Social Privacy Policy
Google OAuth2 (https://accounts.google.com)
Used to sign users into your WordPress site via Google (OpenID Connect). Called only during a user login/registration flow initiated by the user.
Data sent: your Google OAuth2 Client ID and Client Secret. Google returns the user's name, email, and profile picture URL, which are stored in your WordPress database.
Google Terms of Service · Google Privacy Policy
Apple ID (https://appleid.apple.com)
Used to sign users into your site via Sign in with Apple. Called only during a user login/registration flow.
Data sent: your Apple Services ID and team credentials. Apple returns a signed identity token containing the user's name and email, which are stored in your WordPress database.
Apple Terms of Service · Apple Privacy Policy
Twitch API (https://api.twitch.tv, https://id.twitch.tv)
Used to sign users into your site via Twitch OAuth 2.0. Called only during a user login/registration flow.
Data sent: your Twitch Client ID and Client Secret. Twitch returns the user's display name and email, which are stored in your WordPress database.
Twitch Terms of Service · Twitch Privacy Policy
Discord API (https://discord.com/api)
Used to sign users into your site via Discord OAuth 2.0. Called only during a user login/registration flow.
Data sent: your Discord Client ID and Client Secret. Discord returns the user's username and email, which are stored in your WordPress database.
Discord Terms of Service · Discord Privacy Policy
No data is ever sent to Zware Online servers by this plugin.
Privacy
ZASP stores access tokens and user data (names, emails, social network UIDs) in your own WordPress database. No data is transmitted to Zware Online or any third party beyond the social network services listed above and as described in each service's entry.
/wp-content/plugins/, or install via Plugins → Add New.Yes. OAuth callbacks use WordPress REST API endpoints (/wp-json/zasp/v1/…) which are excluded from page caches in most caching plugins. Session cookies are set server-side after login, so caching does not interfere with authentication.
Meta's Graph API only allows automated publishing to Instagram Business or Creator accounts. Personal accounts cannot be used for automated posting. You can convert a personal account to a Creator account at no cost in Instagram's settings.
ZASP uses long-lived Page access tokens. Common causes of revocation: changing your Facebook password, removing the app from your Facebook account security settings, or Meta revoking it due to a policy violation. ZASP will notify you when a token becomes invalid and you can reconnect in one click from the Settings page.
Yes. All Pages accessible from your Facebook account are stored when you connect. You can switch the active page from Settings → Facebook.
No. When Instagram requires an aspect-ratio adjustment, ZASP creates a temporary copy of the image, uploads it to Instagram, and then immediately deletes the temporary file. Your original featured image is never modified.
In your WordPress user database, the same as any user registered through any other method. Social login matches existing accounts by email address first, then by network UID. If a matching email already exists the user is logged in — no duplicate account is created.
Yes. Go to Settings → Login Social → Default Role and choose the role assigned to new accounts created through social login. It is recommended to use Subscriber (the default) unless your site has a specific need for higher-privileged self-registration.