Google Spreadsheet User login

Question

Okay, So I have a client that wants their wordpress site to only require user to use their email to login. They instead want the site read through a google spreadsheet of all the users. Then if the users email is found in the spreadsheet it allows the user to login.

Before people start screaming, I know its extremely bad from a security stand point, we've told them this. They don't care.

So my question is, has anyone one done this or something similar in the past. How did you do it.

And how would say is the best way to go about doing this. So far I have thought of a few ways to do it.

1. Secretly embed the doc on a hidden web page then access it.
2. Some how just access it using APIs
3. Maybe using google forms as the email entry, and some how use that to search the google docs.

Any ideas or helps, is appreciated greatly. Thank you.

Answer 1

Logging in via an email address is easy, there are already plugins to do it. https://wordpress.org/plugins/wp-email-login/

There is also a plugin for external authentication. Don't know if it does it from a spreadsheet, though you may have a way to sync the spreadsheet to an external DB (via an API perhaps): https://wordpress.org/plugins/external-db-auth-reloaded/

Answer 2

Would you need the logged in user to have any user-specific account info? Could you get by with allowing each logged in user to essentially be using the same single account in WordPress?

I could see a solution where you hook into wp_authenticate() https://codex.wordpress.org/Plugin_API/Action_Reference/wp_authenticate

And in your hook function call, run out to Google Spreadsheet via their API and see if that email address is found in the list. If so, log them into WP using a preset, single account that's meant to be used for all such users.

Here's some basic info for reading from a Google Sheet via their API: https://developers.google.com/sheets/samples/reading