DocCheck Access

The DocCheck Access plugin integrates DocCheck’s OAuth2 authentication system into your WordPress site, allowing medical professionals to log in using their DocCheck credentials.

Note: Using DocCheck Access requires the Economy or Business license model. This plugin cannot be used with the Basic license model. Please contact DocCheck for details on available license models.

Features

• Adds a DocCheck login button via shortcode or automatic page-level protection
• OAuth 2.0 Authorization Code flow with PKCE for secure authentication
• Two authentication modes: Anonymous Session and WordPress User creation
• Per-page and global content protection with role-based access control
• Configurable scope and user metadata mapping
• Template override support for protected pages
• Hooks and filters for developers to customize behavior

External Services

This plugin connects to the following external services:

DocCheck OAuth Server (https://auth.doccheck.com)

Used to exchange the OAuth authorization code for an access token and to retrieve the authenticated user’s profile data. This connection is only made when a visitor actively clicks the DocCheck login button. Please refer to the DocCheck Privacy Policy and DocCheck Terms of Service.

DocCheck CDN (https://dccdn.de)

The DocCheck login button is a web component whose script is served from DocCheck’s CDN. It is loaded only on pages where the [docacc_login] shortcode or page-level protection is active — not on every page. Please refer to the DocCheck Privacy Policy.

No data is transmitted to any other third-party service.

Requirements

• WordPress 5.0 or higher
• PHP 7.2 or higher
• A DocCheck OAuth client ID and client secret (obtainable from DocCheck)

General Settings

Go to Settings > DocCheck Login in your WordPress admin to configure the plugin. You can also open the settings directly from the Settings link on the WordPress plugins overview screen.

OAuth Credentials

• Client ID — Your DocCheck OAuth Client ID.
• Client Secret — Your DocCheck OAuth Client Secret.
• Redirect URI — Auto-generated based on your site URL. Copy this value into your DocCheck application settings.

Redirection & Debug

• Default Target Page — The page users land on after a successful login.
• Debug Mode — Logs detailed API and authentication information. Disable on production sites.

Content Protection

• Make all Pages Private — Requires DocCheck login for every page on the site.
• Auto-assign Parent Configurations — Child pages automatically inherit their parent page’s protection status.
• Login Button Version — Pin a specific component version (e.g. 3.2.7) or use @latest to always load the most recent version.

User Management

Authentication Modes

• Anonymous Session — Users are authenticated via DocCheck but no WordPress user account is created. Data is held only for the duration of the PHP session and is not stored permanently.
• WordPress User — A WordPress user account is created or linked on the visitor’s first DocCheck login. Allows persistent storage of user properties and role-based access control.

Role & Metadata

• Default User Role — The WordPress role assigned to newly created DocCheck users. Only low-privilege roles (those without manage_options or edit_others_posts capabilities) are available for selection. Administrator and Editor roles cannot be assigned to DocCheck users.
• Automatic User Creation — Disabled by default. In WordPress User mode, local user creation for first-time DocCheck logins must be explicitly enabled by an administrator.
• Scope & Property Selection — Choose which DocCheck scopes to request and which user properties to store as WordPress user metadata.

Developer Hooks

Actions

• docacc_user_created — Fires after a new WordPress user is created via DocCheck login.
  Parameters: $user_id (int), $user_data (array)

• docacc_user_logged_in — Fires when an existing user logs in via DocCheck.
  Parameters: $user_id (int), $user_data (array)

• docacc_session_created — Fires when a user is authenticated in anonymous session mode.
  Parameters: $user_data (array)

Filters

• docacc_map_role — Customize role assignment based on DocCheck user data.
  Parameters: $current_role (string), $user_data (array), $user_id (int)
  Note: roles with manage_options or edit_others_posts capabilities are silently rejected for security reasons.

• docacc_protected_template — Override the template used for protected pages.
  Parameters: $template (string)

• docacc_is_authenticated — Override the authentication check result.
  Parameters: $authenticated (bool)

• docacc_user_data — Modify the DocCheck user data array before it is used.
  Parameters: $user_data (array)

Template Functions

// Check if the current visitor is authenticated via DocCheck
docacc_is_authenticated(); // returns bool

// Get the authenticated user's DocCheck profile fields
docacc_get_user_data(); // returns array, empty if not authenticated

Example in a theme template:

<?php if ( docacc_is_authenticated() ) : ?>
    <div class="hcp-content">Visible only to DocCheck users.</div>
<?php else : ?>
    <?php echo do_shortcode( '[docacc_login]' ); ?>
<?php endif; ?>

Custom Protected Page Template

Create doccheck-protected.php in your active theme directory — the plugin uses it automatically. Or override via filter:

add_filter( 'docacc_protected_template', function( $template ) {
    return get_stylesheet_directory() . '/my-protected-template.php';
} );

User Metadata Stored

In WordPress User mode, the following meta fields are stored per user (subject to selected scopes):

• docacc_unique_id — DocCheck unique identifier (always stored)
• docacc_profession — Profession name
• docacc_country — Country ISO code
• docacc_language — Interface language
• first_name, last_name — Name fields
• docacc_email — Email address
• docacc_discipline_name — Medical discipline
• docacc_activity_name — Activity type
• docacc_area_code, docacc_street, docacc_city, docacc_state — Address fields
• docacc_last_login — Timestamp of last DocCheck login