🔐 External User Authentication Integration (HubHawaii Auth System)
🔧 Overview
The plugin will rely entirely on the HubHawaii authentication system, not WordPress. This system uses a JS-based login layer that supports:

Email/password

Google

Facebook

Apple

Amazon

Authentication tokens and user data are stored in cookies (hubHawaiiUser) and available globally via hh2020Login.userData.

✅ Authentication Check (Client-Side)
Before allowing a user to access the submission form, check:

javascript
Copy
Edit
if (hh2020Login.loggedIn && hh2020Login.userData?.token) {
   // user is authenticated
}
👤 How to Embed the Login Form
To trigger the login UI programmatically:

javascript
Copy
Edit
hubHawaiiScreen.show();        // Opens the modal container
hh2020Login.createScreen();    // Loads the login/register interface
Or include a login button anywhere:

html
Copy
Edit
<a href="#" class="hubHawaiiLogin" onclick="hubHawaiiScreen.show(); hh2020Login.createScreen(); return false;">Login</a>
Once logged in, the user's profile info is available via:

js
Copy
Edit
hh2020Login.userData.profile.name
hh2020Login.userData.profile.email
hh2020Login.userData.id
hh2020Login.userData.token
You can also listen for login events:

js
Copy
Edit
window.addEventListener('hubHawaiiLogin', function(event) {
    // Trigger post-login behavior, like enabling submission form
});
🔐 Submission Auth Integration
When submitting sponsored content via the form, include:

user_id: from hh2020Login.userData.id

token: from hh2020Login.userData.token

The plugin should:

Validate the token against your backend if needed.

Deny submission if not present or invalid.

Never store user credentials in the WordPress DB.

🧪 Authentication Validation Example (Server-Side)
If you need to validate the token on the backend (e.g., during submission approval):

php
Copy
Edit
// From api.php — pseudocode sample
$response = post("https://hubhawaii.com/api/login/refresh/", [
    'token' => $_POST['token'],
    'id'    => $_POST['id']
]);

if ($response['authenticated']) {
   // Safe to proceed
}
🔄 Logout Handling
Call:

js
Copy
Edit
hh2020Login.logout();
🔐 Security Notes
Always validate the token and id server-side before accepting content submissions.

Ensure forms don't render unless hh2020Login.loggedIn is true.

💡 Summary for Devs
Feature	Integration Method
Show login modal	hubHawaiiScreen.show(); hh2020Login.createScreen();
Check if user is logged in	hh2020Login.loggedIn === true
Get user ID and token	hh2020Login.userData.id, hh2020Login.userData.token
Secure server-side validation	POST to /api/login/refresh/ with id and token
Embed login/register anywhere	Add a button with class="hubHawaiiLogin" + onClick
Listen for login/logout events	window.addEventListener('hubHawaiiLogin', handler)