Zynatic Authentication

This plugin enable authentication from Zynatic Medlemsregister by wp_remote_get call to https://www.zynatic.se/ The authentication is performed in several steps to reduce the risk of leakage of user credentials 1. WordPress sends an initiate to https://www.zynatic.se/ and receives a public key in the responce 2. WordPress encrypts user credentials using the received public key 3. WordPress sends the encrypted credentials to https://www.zynatic.se/ 4. https://www.zynatic.se/ decrypt the credentials using its own secret key and validate credentials 5. https://www.zynatic.se/ sends a responce informing if the credentials is validated correctly and the user is allowed to login

The user is created in https://www.zynatic.se/ if the username is missing in https://www.zynatic.se/, the credentials are validated ok in WordPress and the name are equal in https://www.zynatic.se/ and WordPress. The user is created in WordPress if the user credentials is validated ok in https://www.zynatic.se/ and the user is missing in WordPress. A WordPress super admin user is granted access in WordPress even if the user is missing in https://www.zynatic.se/.

External services

This plugin connects to an API to verify user credentials, it’s needed to verify credentials in Zynatic Medlemsregister. The user credentials are sent to https://www.zynatic.se/ for validation during the login process in WordPress.

It sends the user’s credentials, usernamne, password and secret key, encrypted using a public key received from Zynatic Medlemsregister. The public encryption key is unique for each login attempt.

The required initial parameters KundId (customer id) and Token is provided by Zynatic AB.

This service is provided by “Zynatic AB”: https://www.zynatic.se/