Effect of enabling strict oAuth on legacy users


What would happen to all the users of my WP website that used "Unlock with Patreon" or "Log in with Patreon" if I suddenly switched on Enable strict oAuth?

  1. Would they get locked out from the website and have to send a forgot password email to regain access?
  2. Will they still be able to log in without needing to create a password for their WP account?

As a note, all the Patreon users that use Unlock with Patreon get an automatically created new WP account which doesn’t seem to have a password, nor does it send forgot password emails.

That’s the reason I’m worried to enable this feature and have all users locked out.

The reason I want this option is because all former Patreon users that stick around on my website lose access once they cancel Patreon, so I want to future-proof that they can always log into my website even after canceling the Patreon subscription or deleting their Patreon account etc.

My only worry is what will happen to current Patreon users if I suddenly switch on strict mode.


Enabling strict oAuth would cause issues with logins, so avoid that.

The patrons sticking around after they cancel Patreon can be due to the 3 day grace period that Patreon gives to declined payments etc.

Also note that sticking around is not the same as having access. Once they created an account at your WP site, then they would normally have that account since it wouldn’t be deleted after their pledge expires. They should be able to be around the site, but they should not be able to access your patron-only content.

If they are still able to access your patron-only content, then check your site’s cache settings. It may be caching the pages for users and showing unlocked pages to non-patron users.

For some reason, many of them, when they decide to cancel Patreon and migrate to our WordPress subscription, end up not being able to log in to the website anymore. Potentially they are clicking this button, I’m not fully sure.

But once they cancel, they do something that ends up locking them out and creating a new account with a new email, which now does not have the WP subscription, and they end up contacting support and causing a lot of back and forth.

Our issue is with users getting locked out, not with accessing content.

We need to be able to tell them exactly what to do if they decide to move on from Patreon.
Maybe the answer is to ask them to create a WP password before they disconnect from Patreon so they can still log in to our website.

They should not disconnect Patreon. Patreon acts not only as a subscription service, but also as a login service. If it is disconnected, they can’t log in. I.e., it functions like login via Google at that point. It’s not necessary to disconnect Patreon to be using your local subscription service.

If they want to disconnect Patreon, they should reset their password in your local WP first. And that won’t work if they don’t have a verified email at Patreon, since the plugin would not save emails for those who don’t have it verified at Patreon (security risk).

Basically, ask your users to reset their local password if they are going to disconnect Patreon. Add a plugin that allows logging in via both username and pass (if you don’t already). You will have to manually sort out the patron accounts that don’t have verified emails at Patreon though (save them an email in their WP profile etc.).