G-SSO Wallet Authenticator

G-SSO Wallet Authenticator enables passwordless authentication for your WordPress site using cryptocurrency wallets. Users can authenticate with MetaMask, Coinbase Wallet, Rainbow, and other popular web3 wallets.

Features

• Passwordless Authentication – Users authenticate using their crypto wallet signature
• Multiple Wallets – Supports MetaMask, Coinbase Wallet, Rainbow, and more
• QR Code Support – Mobile wallet users can scan QR codes to authenticate
• Shortcode Support – Add wallet authentication button anywhere with [gsso_login]
• Flexible Placement – Use on any page, post, or login form
• Secure Authentication – Uses cryptographic signatures for verification
• WooCommerce Compatible – Works with WooCommerce via shortcode
• No External Dependencies – All libraries bundled locally (WordPress.org compliant)

How It Works

1. User clicks “Connect Wallet” button
2. User selects their preferred wallet (MetaMask, Coinbase, etc.)
3. User signs a verification message in their wallet
4. Plugin verifies the signature and authenticates user
5. User’s wallet address is linked to their WordPress account

Requirements

• WordPress 5.8 or higher
• PHP 7.4 or higher
• G-SSO API credentials (Client ID and Client Secret)

External Services

This plugin connects to external services to provide wallet authentication functionality. All connections use HTTPS encryption.

G-SSO Authentication API

Service Provider: G-SSO Authentication Service
Service URL: https://g-sso.com
Purpose: Verifies cryptographic signatures from cryptocurrency wallets to authenticate users

Data Sent:
* Wallet address (public blockchain information)
* Cryptographic signature (for verification only)
* Timestamp (to prevent replay attacks)
* Chain ID (blockchain network identifier)

When Data is Sent:
Only when a user clicks “Connect Wallet” and signs the authentication message in their wallet.

Privacy Policy: https://g-sso.com/privacy
Terms of Service: https://g-sso.com/terms

Legal Basis:
G-SSO is operated by Go2Glory Ltd. Wallet addresses are public blockchain data and do not constitute personal information under GDPR. No personally identifiable information (PII) is collected without explicit user consent.

QR Code Generation Service

Service Provider: goQR.me / QRServer.com
Service URL: https://api.qrserver.com
Documentation: https://goqr.me/api/
Purpose: Generates QR codes for mobile wallet authentication

Data Sent:
* Temporary authentication URL (session link with no personal data)
* QR code styling parameters (size: 160×160 pixels, color: #667eea)

When Data is Sent:
Only when the wallet connection modal is displayed and user is on a mobile device. QR codes are generated on-demand for that session only.

Privacy Policy: https://goqr.me/privacy-safety-security
Terms of Service: https://goqr.me/legal/tos-api.html

Data Protection:
QR codes contain only temporary session URLs that expire after use. No personal or sensitive information is transmitted. The session URL is a one-time-use token that becomes invalid after authentication completes.

Data Protection Summary

• HTTPS Encryption: All external connections use SSL/TLS encryption
• Public Data Only: Wallet addresses are public blockchain information
• No PII Collection: No names, emails, or personal data required
• Temporary Sessions: Authentication URLs expire after single use
• GDPR Compliant: Minimal data collection by design
• User Control: Users control wallet access via their wallet application

Third-Party Libraries

This plugin includes the following third-party libraries, bundled locally for WordPress.org compliance:

React 18.2.0

• License: MIT
• Source: https://reactjs.org/
• Purpose: UI framework for wallet selection modal
• Files: public/js/vendor/react.min.js

ReactDOM 18.2.0

• License: MIT
• Source: https://reactjs.org/
• Purpose: React DOM rendering
• Files: public/js/vendor/react-dom.min.js

G-SSO SDK

• License: MIT
• Source: https://github.com/g-sso/sdk
• Purpose: Wallet detection and authentication flow
• Files: assets/js/gsso.umd.js
• Note: This is a compiled UMD bundle (not obfuscated code)

Important: All libraries are bundled within the plugin. No external network requests are made to CDNs.

Privacy Policy

This plugin stores the following user data in your WordPress database:

• Wallet addresses (Ethereum addresses, 42 characters)
• Chain type (e.g., “ethereum”)
• Last login timestamp
• User ID association

This data is stored locally in the wp_gsso_wallet_users table.

External Connections:

This plugin connects to the G-SSO API (https://g-sso.com) for wallet signature verification. See the “External Services” section above for complete details on data transmission, privacy policies, and terms of service.

Data Retention:
* User data is deleted when the plugin is uninstalled
* Individual wallet associations can be removed from user profile

User Rights:
Users can disconnect their wallet at any time from their WordPress profile, which removes the wallet-to-account association from your database.

For complete privacy details, see:
* G-SSO Privacy Policy: https://g-sso.com/privacy
* QRServer Privacy Policy: https://goqr.me/legal/tos-api.html

Support

For support, please visit:

• Support Portal: https://g-sso.com/contact
• Documentation: https://g-sso.com/docs
• Email: support@go2glory.com

Development

Shortcode

[gsso_login] - Displays the wallet authentication button

Usage Examples:

In any page or post:
[gsso_login]

In PHP template files:

In WooCommerce My Account page:
[gsso_login]

Credits

Developed by Go2Glory Ltd
Website: https://g-sso.com