From bbb5d42b9f1c3d8be64135e4d896f1809a503193 Mon Sep 17 00:00:00 2001
From: Chirag Mathur <mchirag2002@gmail.com>
Date: Tue, 30 Sep 2025 14:01:43 +0530
Subject: [PATCH 01/11] Refactored the code to have centralised network
 settings

---
 src/Container.php        |   4 +-
 src/Modules/Settings.php | 636 ++++++++++++++++++++++++++++++++-------
 2 files changed, 524 insertions(+), 116 deletions(-)

diff --git a/src/Container.php b/src/Container.php
index 8ce01d65..762bbcc9 100644
--- a/src/Container.php
+++ b/src/Container.php
@@ -116,8 +116,8 @@ public function define_services(): void {
 
 			return new GoogleClient(
 				[
-					'client_id'     => $settings->client_id,
-					'client_secret' => $settings->client_secret,
+					'client_id'     => $settings->get_client_id(),
+					'client_secret' => $settings->get_client_secret(),
 					'redirect_uri'  => wp_login_url(),
 				]
 			);
diff --git a/src/Modules/Settings.php b/src/Modules/Settings.php
index 71215273..704da6ca 100644
--- a/src/Modules/Settings.php
+++ b/src/Modules/Settings.php
@@ -15,30 +15,23 @@
 use RtCamp\GoogleLogin\Interfaces\Module as ModuleInterface;
 
 /**
- * Class Settings.
- *
- * @property string|null whitelisted_domains
- * @property string|null client_id
- * @property string|null client_secret
- * @property bool|null registration_enabled
- * @property bool|null one_tap_login
- * @property string    one_tap_login_screen
+ * Class Settings
  *
  * @package RtCamp\GoogleLogin\Modules
  */
 class Settings implements ModuleInterface {
 
 	/**
-	 * Settings values.
+	 * Options array.
 	 *
 	 * @var array
 	 */
 	public $options;
 
 	/**
-	 * Getters for settings values.
+	 * List of getters for settings.
 	 *
-	 * @var string[]
+	 * @var array
 	 */
 	private $getters = [
 		'WP_GOOGLE_LOGIN_CLIENT_ID'         => 'client_id',
@@ -50,14 +43,15 @@ class Settings implements ModuleInterface {
 	];
 
 	/**
-	 * Getter method.
+	 * Magic getter to access settings as properties.
+	 *
+	 * @param string $name Name of the property.
 	 *
-	 * @param string $name Name of option to fetch.
+	 * @return mixed
 	 */
 	public function __get( string $name ) {
 		if ( in_array( $name, $this->getters, true ) ) {
 			$constant_name = array_search( $name, $this->getters, true );
-
 			return defined( $constant_name ) ? constant( $constant_name ) : ( $this->options[ $name ] ?? '' );
 		}
 
@@ -65,75 +59,317 @@ public function __get( string $name ) {
 	}
 
 	/**
-	 * Return module name.
+	 * Name of the module.
 	 *
 	 * @return string
 	 */
 	public function name(): string {
-		return 'settings';
-	}
+		return 'settings'; }
 
 	/**
-	 * Initialization of module.
-	 *
-	 * @return void
+	 * Initializes the settings module.
 	 */
 	public function init(): void {
 		$this->options = get_option( 'wp_google_login_settings', [] );
 
-		/**
-		 * Actions.
-		 */
 		add_action( 'admin_init', [ $this, 'register_settings' ] );
 		add_action( 'admin_menu', [ $this, 'settings_page' ] );
 
-		/**
-		 * Filters.
-		 */
-		// Add filters here.
+		if ( is_multisite() ) {
+			add_action( 'network_admin_menu', [ $this, 'register_network_settings_page' ] );
+			add_action( 'network_admin_menu', [ $this, 'register_network_settings' ] );
+			add_action( 'network_admin_edit_wp_google_login_network_settings', [ $this, 'save_network_settings' ] );
+		}
+	}
+
+	/**
+	 * Retrieves the Google OAuth Client ID, respecting multisite/global settings.
+	 *
+	 * @return string
+	 */
+	public function get_client_id() {
+		if ( is_multisite() ) {
+			$network_settings = get_site_option( 'wp_google_login_network_settings', [] );
+
+			if ( ! empty( $network_settings['apply_globally'] ) && ! empty( $network_settings['client_id'] ) ) {
+				return $network_settings['client_id'];
+			}
+		}
+
+		return $this->client_id;
 	}
 
 	/**
-	 * Register the settings, section and fields.
+	 * Retrieves the Google OAuth Client Secret, respecting multisite/global settings.
+	 *
+	 * @return string
+	 */
+	public function get_client_secret() {
+		if ( is_multisite() ) {
+			$network_settings = get_site_option( 'wp_google_login_network_settings', [] );
+
+			if ( ! empty( $network_settings['apply_globally'] ) && ! empty( $network_settings['client_secret'] ) ) {
+				return $network_settings['client_secret'];
+			}
+		}
+
+		return $this->client_secret;
+	}
+
+	/**
+	 * Registers the network settings page for multisite installations.
 	 *
 	 * @return void
 	 */
-	public function register_settings(): void {
-		register_setting( 'wp_google_login', 'wp_google_login_settings' );
+	public function register_network_settings_page(): void {
+		add_submenu_page(
+			'settings.php',
+			__( 'Login with Google Network Settings', 'login-with-google' ),
+			__( 'Login with Google', 'login-with-google' ),
+			'manage_network_options',
+			'login-with-google-network',
+			[ $this, 'output_network_settings' ]
+		);
+	}
+
+	/**
+	 * Outputs the network settings page HTML.
+	 */
+	public function output_network_settings(): void {
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		if ( isset( $_GET['updated'] ) ) {
+			echo '<div id="message" class="updated notice is-dismissible"><p>' . esc_html__( 'Settings saved.', 'login-with-google' ) . '</p></div>';
+		}
+		?>
+		<div class="wrap">
+			<h1><?php esc_html_e( 'Login with Google Network Settings', 'login-with-google' ); ?></h1>
+			<form method="post" action="edit.php?action=wp_google_login_network_settings">
+				<?php
+				wp_nonce_field( 'wp_google_login_network-options' );
+				settings_fields( 'wp_google_login_network' );
+				do_settings_sections( 'login-with-google-network' );
+				submit_button();
+				?>
+			</form>
+		</div>
+		<?php
+	}
+
+	/**
+	 * Registers the network settings for multisite installations.
+	 *
+	 * @return void
+	 */
+	public function register_network_settings(): void {
+		if ( ! is_multisite() || ! is_network_admin() ) {
+			return;
+		}
+
+		register_setting( 'wp_google_login_network', 'wp_google_login_network_settings' );
 
 		add_settings_section(
-			'wp_google_login_section',
-			__( 'Log in with Google Settings', 'login-with-google' ),
-			function () {
-			},
-			'login-with-google'
+			'wp_google_login_network_section',
+			__( 'Log in with Google Network Settings', 'login-with-google' ),
+			function () {},
+			'login-with-google-network'
 		);
 
 		add_settings_field(
 			'wp_google_login_client_id',
 			__( 'Client ID', 'login-with-google' ),
 			[ $this, 'client_id_field' ],
-			'login-with-google',
-			'wp_google_login_section',
-			[ 'label_for' => 'client-id' ]
+			'login-with-google-network',
+			'wp_google_login_network_section',
+			[
+				'context'   => 'network',
+				'label_for' => 'client-id',
+			]
 		);
 
 		add_settings_field(
 			'wp_google_login_client_secret',
 			__( 'Client Secret', 'login-with-google' ),
 			[ $this, 'client_secret_field' ],
-			'login-with-google',
+			'login-with-google-network',
+			'wp_google_login_network_section',
+			[
+				'context'   => 'network',
+				'label_for' => 'client-secret',
+			]
+		);
+
+		add_settings_field(
+			'wp_google_login_apply_globally',
+			__( 'Apply settings to all sites in the network', 'login-with-google' ),
+			[ $this, 'apply_globally_field' ],
+			'login-with-google-network',
+			'wp_google_login_network_section',
+			[
+				'context'   => 'network',
+				'label_for' => 'apply-globally',
+			]
+		);
+
+		add_settings_field(
+			'wp_google_allow_registration',
+			__( 'Create New User', 'login-with-google' ),
+			[ $this, 'user_registration' ],
+			'login-with-google-network',
+			'wp_google_login_network_section',
+			[
+				'context'   => 'network',
+				'label_for' => 'user-registration',
+			]
+		);
+
+		add_settings_field(
+			'wp_google_one_tap_login',
+			__( 'Enable One Tap Login', 'login-with-google' ),
+			[ $this, 'one_tap_login' ],
+			'login-with-google-network',
+			'wp_google_login_network_section',
+			[
+				'context'   => 'network',
+				'label_for' => 'one-tap-login',
+			]
+		);
+
+		add_settings_field(
+			'wp_google_one_tap_login_screen',
+			__( 'One Tap Login Locations', 'login-with-google' ),
+			[ $this, 'one_tap_login_screens' ],
+			'login-with-google-network',
+			'wp_google_login_network_section',
+			[
+				'context'   => 'network',
+				'label_for' => 'one-tap-login-screen',
+			]
+		);
+
+		add_settings_field(
+			'wp_google_whitelisted_domain',
+			__( 'Whitelisted Domains', 'login-with-google' ),
+			[ $this, 'whitelisted_domains' ],
+			'login-with-google-network',
+			'wp_google_login_network_section',
+			[
+				'context'   => 'network',
+				'label_for' => 'whitelisted-domains',
+			]
+		);
+	}
+
+	/**
+	 * Saves the network settings for multisite installations.
+	 *
+	 * @return void
+	 */
+	public function save_network_settings() {
+		if ( ! current_user_can( 'manage_network_options' ) ) {
+			wp_die( esc_html__( 'Sorry, you are not allowed to manage network options.', 'login-with-google' ) );
+		}
+
+		check_admin_referer( 'wp_google_login_network-options' );
+
+		$defaults = [
+			'apply_globally'       => 0,
+			'one_tap_login'        => 0,
+			'registration_enabled' => 0,
+			'one_tap_login_screen' => 'login',
+			'whitelisted_domains'  => '',
+			'client_id'            => '',
+			'client_secret'        => '',
+		];
+
+		$settings = $_POST['wp_google_login_network_settings'] ?? []; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+
+		// Sanitize each field.
+		$sanitized_settings = [
+			'apply_globally'       => isset( $settings['apply_globally'] ) ? 1 : 0,
+			'one_tap_login'        => isset( $settings['one_tap_login'] ) ? 1 : 0,
+			'registration_enabled' => isset( $settings['registration_enabled'] ) ? 1 : 0,
+			'one_tap_login_screen' => isset( $settings['one_tap_login_screen'] ) ? sanitize_text_field( $settings['one_tap_login_screen'] ) : 'login',
+			'whitelisted_domains'  => isset( $settings['whitelisted_domains'] ) ? sanitize_text_field( $settings['whitelisted_domains'] ) : '',
+			'client_id'            => isset( $settings['client_id'] ) ? sanitize_text_field( $settings['client_id'] ) : '',
+			'client_secret'        => isset( $settings['client_secret'] ) ? sanitize_text_field( $settings['client_secret'] ) : '',
+		];
+
+		$settings = array_merge( $defaults, $sanitized_settings );
+
+		update_site_option( 'wp_google_login_network_settings', $settings );
+
+		wp_cache_delete( 'wp_google_login_network_settings', 'site-options' );
+
+		wp_safe_redirect(
+			add_query_arg(
+				[
+					'page'    => 'login-with-google-network',
+					'updated' => 'true',
+				],
+				network_admin_url( 'settings.php' ) 
+			) 
+		);
+		exit;
+	}
+
+	/**
+	 * Registers the settings for the single site installations.
+	 *
+	 * @return void
+	 */
+	public function register_settings(): void {
+		if ( is_multisite() && is_network_admin() ) {
+			return;
+		}
+
+		register_setting( 'wp_google_login', 'wp_google_login_settings' );
+
+		add_settings_section(
 			'wp_google_login_section',
-			[ 'label_for' => 'client-secret' ]
+			__( 'Log in with Google Settings', 'login-with-google' ),
+			function () {},
+			'login-with-google'
 		);
 
+		if ( ! is_multisite() ) {
+			add_settings_field(
+				'wp_google_login_client_id',
+				__( 'Client ID', 'login-with-google' ),
+				[ $this, 'client_id_field' ],
+				'login-with-google',
+				'wp_google_login_section',
+				[ 'label_for' => 'client-id' ]
+			);
+
+			add_settings_field(
+				'wp_google_login_client_secret',
+				__( 'Client Secret', 'login-with-google' ),
+				[ $this, 'client_secret_field' ],
+				'login-with-google',
+				'wp_google_login_section',
+				[ 'label_for' => 'client-secret' ]
+			);
+		}
+
+		$apply_globally   = false;
+		$network_settings = [];
+
+		if ( is_multisite() ) {
+			$network_settings = get_site_option( 'wp_google_login_network_settings', [] );
+			$apply_globally   = ! empty( $network_settings['apply_globally'] );
+		}
+
 		add_settings_field(
 			'wp_google_allow_registration',
 			__( 'Create New User', 'login-with-google' ),
 			[ $this, 'user_registration' ],
 			'login-with-google',
 			'wp_google_login_section',
-			[ 'label_for' => 'user-registration' ]
+			[
+				'readonly'         => $apply_globally,
+				'network_settings' => $network_settings,
+				'label_for'        => 'user-registration',
+			]
 		);
 
 		add_settings_field(
@@ -142,7 +378,11 @@ function () {
 			[ $this, 'one_tap_login' ],
 			'login-with-google',
 			'wp_google_login_section',
-			[ 'label_for' => 'one-tap-login' ]
+			[
+				'readonly'         => $apply_globally,
+				'network_settings' => $network_settings,
+				'label_for'        => 'one-tap-login',
+			]
 		);
 
 		add_settings_field(
@@ -151,7 +391,11 @@ function () {
 			[ $this, 'one_tap_login_screens' ],
 			'login-with-google',
 			'wp_google_login_section',
-			[ 'label_for' => 'one-tap-login-screen' ]
+			[
+				'readonly'         => $apply_globally,
+				'network_settings' => $network_settings,
+				'label_for'        => 'one-tap-login-screen',
+			]
 		);
 
 		add_settings_field(
@@ -160,18 +404,30 @@ function () {
 			[ $this, 'whitelisted_domains' ],
 			'login-with-google',
 			'wp_google_login_section',
-			[ 'label_for' => 'whitelisted-domains' ]
+			[
+				'readonly'         => $apply_globally,
+				'network_settings' => $network_settings,
+				'label_for'        => 'whitelisted-domains',
+			]
 		);
 	}
 
 	/**
-	 * Render client ID field.
+	 * Renders the input field for the Client ID setting.
+	 *
+	 * @param array $args Additional arguments for the field.
 	 *
 	 * @return void
 	 */
-	public function client_id_field(): void {
+	public function client_id_field( $args = [] ): void {
+		$is_network = isset( $args['context'] ) && 'network' === $args['context'];
+		$value      = $is_network
+			? ( get_site_option( 'wp_google_login_network_settings' )['client_id'] ?? '' )
+			: $this->get_client_id(); // Use the robust getter!
+		$name       = $is_network ? 'wp_google_login_network_settings[client_id]' : 'wp_google_login_settings[client_id]';
 		?>
-		<input type='text' name='wp_google_login_settings[client_id]' id="client-id" value='<?php echo esc_attr( $this->client_id ); ?>' autocomplete="off" <?php $this->disabled( 'client_id' ); ?> />
+
+		<input type='text' name='<?php echo esc_attr( $name ); ?>' id="client-id" value='<?php echo esc_attr( $value ); ?>' autocomplete="off" />
 		<p class="description">
 			<?php
 			echo wp_kses_post(
@@ -188,27 +444,83 @@ public function client_id_field(): void {
 	}
 
 	/**
-	 * Render client secret field.
+	 * Renders the input field for the Client Secret setting.
+	 *
+	 * @param array $args Additional arguments for the field.
 	 *
 	 * @return void
 	 */
-	public function client_secret_field(): void {
+	public function client_secret_field( $args = [] ): void {
+		$is_network = isset( $args['context'] ) && 'network' === $args['context'];
+		$value      = $is_network
+			? ( get_site_option( 'wp_google_login_network_settings' )['client_secret'] ?? '' )
+			: $this->get_client_secret();
+		$name       = $is_network ? 'wp_google_login_network_settings[client_secret]' : 'wp_google_login_settings[client_secret]';
 		?>
-		<input type='password' name='wp_google_login_settings[client_secret]' id="client-secret" value='<?php echo esc_attr( $this->client_secret ); ?>' autocomplete="off" <?php $this->disabled( 'client_secret' ); ?> />
+		<input type='password' name='<?php echo esc_attr( $name ); ?>' id="client-secret" value='<?php echo esc_attr( $value ); ?>' autocomplete="off" />
 		<?php
 	}
 
 	/**
-	 * User registration field.
+	 * Renders the input field for the "Apply Globally" setting.
+	 *
+	 * @param array $args Additional arguments for the field.
 	 *
-	 * This will tell us whether or not to create the user
-	 * if the user does not exist on WP application.
+	 * @return void
+	 */
+	public function apply_globally_field( $args = [] ): void {
+		$network_options = get_site_option( 'wp_google_login_network_settings', [] );
+		?>
+		<input type="checkbox" name="wp_google_login_network_settings[apply_globally]" id="apply-globally" value="1" <?php checked( ! empty( $network_options['apply_globally'] ) ); ?> />
+		<?php
+		esc_html_e( 'Apply all settings to all sites in the network', 'login-with-google' );
+	}
+
+	/**
+	 * Renders the input field for the User Registration setting.
 	 *
-	 * This is irrespective of registration flag present in Settings > General
+	 * @param array $args Additional arguments for the field.
 	 *
 	 * @return void
 	 */
-	public function user_registration(): void {
+	public function user_registration( $args = [] ): void {
+		$is_network       = isset( $args['context'] ) && 'network' === $args['context'];
+		$readonly         = ! empty( $args['readonly'] );
+		$network_settings = $args['network_settings'] ?? [];
+
+		if ( $is_network ) {
+			$checked = ! empty( get_site_option( 'wp_google_login_network_settings', [] )['registration_enabled'] );
+			?>
+			<label style='display:block;margin-top:6px;'>
+				<input type='checkbox'
+					name='wp_google_login_network_settings[registration_enabled]'
+					id="user-registration" <?php checked( $checked ); ?>
+					value='1'>
+				<?php esc_html_e( 'Create a new user account if it does not exist already', 'login-with-google' ); ?>
+			</label>
+			<p class="description">
+				<?php
+				echo wp_kses_post(
+					sprintf(
+						// translators: %s is replaced with URL of membership settings page.
+						__( 'If this setting is checked, a new user will be created even if <a target="_blank" href="%1s">membership setting</a> is off.', 'login-with-google' ),
+						'network/settings.php'
+					)
+				);
+				?>
+			</p>
+			<?php
+			return;
+		}
+
+		if ( $readonly ) {
+			$checked = ! empty( $network_settings['registration_enabled'] );
+			?>
+			<input type="checkbox" disabled <?php checked( $checked ); ?> />
+			<span><?php esc_html_e( 'Managed globally by network admin.', 'login-with-google' ); ?></span>
+			<?php
+			return;
+		}
 		?>
 		<label style='display:block;margin-top:6px;'><input <?php $this->disabled( 'registration_enabled' ); ?> type='checkbox'
 															name='wp_google_login_settings[registration_enabled]'
@@ -220,7 +532,7 @@ public function user_registration(): void {
 			<?php
 			echo wp_kses_post(
 				sprintf(
-				/* translators: %1s will be replaced by page link */
+					// translators: %s is replaced with URL of membership settings page.
 					__( 'If this setting is checked, a new user will be created even if <a target="_blank" href="%1s">membership setting</a> is off.', 'login-with-google' ),
 					is_multisite() ? 'network/settings.php' : 'options-general.php'
 				)
@@ -231,16 +543,46 @@ public function user_registration(): void {
 	}
 
 	/**
-	 * Toggle One Tap Login functionality.
+	 * Renders the input field for the One Tap Login setting.
+	 *
+	 * @param array $args Additional arguments for the field.
 	 *
 	 * @return void
 	 */
-	public function one_tap_login(): void {
+	public function one_tap_login( $args = [] ): void {
+		$is_network       = isset( $args['context'] ) && 'network' === $args['context'];
+		$readonly         = ! empty( $args['readonly'] );
+		$network_settings = $args['network_settings'] ?? [];
+
+		if ( $is_network ) {
+			$checked = ! empty( get_site_option( 'wp_google_login_network_settings', [] )['one_tap_login'] );
+			?>
+			<label style='display:block;margin-top:6px;'><input
+					type='checkbox'
+					name='wp_google_login_network_settings[one_tap_login]'
+					id="one-tap-login" <?php checked( $checked ); ?>
+					value='1'>
+				<?php esc_html_e( 'One Tap Login', 'login-with-google' ); ?>
+			</label>
+			<?php
+			return;
+		}
+
+		if ( $readonly ) {
+			$checked = ! empty( $network_settings['one_tap_login'] );
+			?>
+			<input type="checkbox" disabled <?php checked( $checked ); ?> />
+			<span><?php esc_html_e( 'Managed globally by network admin.', 'login-with-google' ); ?></span>
+			<?php
+			return;
+		}
+
+		$checked = $this->one_tap_login;
 		?>
 		<label style='display:block;margin-top:6px;'><input <?php $this->disabled( 'one_tap_login' ); ?>
 					type='checkbox'
 					name='wp_google_login_settings[one_tap_login]'
-					id="one-tap-login" <?php echo esc_attr( checked( $this->one_tap_login ) ); ?>
+					id="one-tap-login" <?php echo esc_attr( checked( $checked ) ); ?>
 					value='1'>
 			<?php esc_html_e( 'One Tap Login', 'login-with-google' ); ?>
 		</label>
@@ -248,73 +590,140 @@ public function one_tap_login(): void {
 	}
 
 	/**
-	 * One tap login screens.
+	 * Renders the input field for the One Tap Login Screens setting.
 	 *
-	 * It can be enabled only for wp-login.php OR sitewide.
+	 * @param array $args Additional arguments for the field.
 	 *
 	 * @return void
 	 */
-	public function one_tap_login_screens(): void {
-		$default = $this->one_tap_login_screen ?? '';
+	public function one_tap_login_screens( $args = [] ): void {
+		$is_network       = isset( $args['context'] ) && 'network' === $args['context'];
+		$readonly         = ! empty( $args['readonly'] );
+		$network_settings = $args['network_settings'] ?? [];
+
+		// Readonly disables radios and adds notice.
+		if ( $readonly ) {
+			$one_tap_enabled = ! empty( $network_settings['one_tap_login'] );
+			$value           = $network_settings['one_tap_login_screen'] ?? '';
+			if ( $one_tap_enabled ) {
+				?>
+				<label for="one-tap-login-screen" style='display:block;margin-top:6px;'>
+					<input type='radio' disabled id="one-tap-login-screen" <?php checked( $value, 'login' ); ?> />
+					<?php esc_html_e( 'Enable One Tap Login Only on Login Screen', 'login-with-google' ); ?>
+				</label>
+				<label for="one-tap-login-screen-sitewide" style='display:block;margin-top:6px;'>
+					<input type='radio' disabled id="one-tap-login-screen-sitewide" <?php checked( $value, 'sitewide' ); ?> />
+					<?php esc_html_e( 'Enable One Tap Login Site-wide', 'login-with-google' ); ?>
+				</label>
+				<span><?php esc_html_e( 'Managed globally by network admin.', 'login-with-google' ); ?></span>
+				<?php
+			} else {
+				// Output a hidden input just for JS to find the <tr> to facilitate the hiding of the fields.
+				?>
+				<input type="hidden" id="one-tap-login-screen" />
+				<?php
+			}
+			?>
+			<script type="text/javascript">
+				(function($){
+					$(document).ready(function(){
+						var oneTapEnabled = <?php echo $one_tap_enabled ? 'true' : 'false'; ?>;
+						if(!oneTapEnabled) {
+							$("#one-tap-login-screen").parents("tr").hide();
+						}
+					});
+				})(jQuery);
+			</script>
+			<?php
+			return;
+		}
+		if ( $is_network ) {
+			$settings        = get_site_option( 'wp_google_login_network_settings', [] );
+			$one_tap_enabled = ! empty( $settings['one_tap_login'] );
+			$value           = $settings['one_tap_login_screen'] ?? '';
+			$name            = 'wp_google_login_network_settings[one_tap_login_screen]';
+		} else {
+			$one_tap_enabled = $this->one_tap_login;
+			$value           = $this->one_tap_login_screen ?? '';
+			$name            = 'wp_google_login_settings[one_tap_login_screen]';
+		}
 		?>
-		<label style='display:block;margin-top:6px;'><input <?php $this->disabled( 'one_tap_login' ); ?>
-					type='radio'
-					name='wp_google_login_settings[one_tap_login_screen]'
-					id="one-tap-login-screen-login" <?php echo esc_attr( checked( $this->one_tap_login_screen, $default ) ); ?>
-					value='login'>
+		<label for="one-tap-login-screen" style='display:block;margin-top:6px;'>
+			<input <?php $this->disabled( 'one_tap_login' ); ?>
+				type='radio'
+				name='<?php echo esc_attr( $name ); ?>'
+				id="one-tap-login-screen"
+				<?php checked( $value, 'login' ); ?>
+				value='login'>
 			<?php esc_html_e( 'Enable One Tap Login Only on Login Screen', 'login-with-google' ); ?>
 		</label>
-		<label style='display:block;margin-top:6px;'><input <?php $this->disabled( 'one_tap_login' ); ?>
-					type='radio'
-					name='wp_google_login_settings[one_tap_login_screen]'
-					id="one-tap-login-screen-sitewide" <?php echo esc_attr( checked( $this->one_tap_login_screen, 'sitewide' ) ); ?>
-					value='sitewide'>
+		<label for="one-tap-login-screen-sitewide" style='display:block;margin-top:6px;'>
+			<input <?php $this->disabled( 'one_tap_login' ); ?>
+				type='radio'
+				name='<?php echo esc_attr( $name ); ?>'
+				id="one-tap-login-screen-sitewide"
+				<?php checked( $value, 'sitewide' ); ?>
+				value='sitewide'>
 			<?php esc_html_e( 'Enable One Tap Login Site-wide', 'login-with-google' ); ?>
 		</label>
+		<script type="text/javascript">
+			jQuery(document).ready(function () {
+				var toggle = function () {
+					var enabled = jQuery("#one-tap-login").is(":checked");
+					var tr_elem = jQuery("#one-tap-login-screen").parents("tr");
+					if (enabled) {
+						tr_elem.show();
+					} else {
+						tr_elem.hide();
+					}
+				};
+				jQuery("#one-tap-login").on('change', toggle);
+				toggle();
+			});
+		</script>
 		<?php
-		// phpcs:disable
-		?>
-        <script type="text/javascript">
-            jQuery(document).ready(function () {
-                var toggle = function () {
-                    var enabled = jQuery("#one-tap-login").is(":checked");
-                    var tr_elem = jQuery("#one-tap-login-screen-login").parents("tr");
-                    if (enabled) {
-                        tr_elem.show();
-                        return;
-                    }
-
-                    tr_elem.hide();
-                };
-                jQuery("#one-tap-login").on('change', toggle);
-                toggle();
-            });
-        </script>
-		<?php
-		// phpcs:enable
 	}
 
 	/**
-	 * Whitelisted domains for registration.
+	 * Renders the input field for the Whitelisted Domains setting.
 	 *
-	 * Only emails belonging to these domains would be preferred
-	 * for registration.
-	 *
-	 * If left blank, all domains would be allowed.
+	 * @param array $args Additional arguments for the field.
 	 *
 	 * @return void
 	 */
-	public function whitelisted_domains(): void {
+	public function whitelisted_domains( $args = [] ): void {
+		$is_network       = isset( $args['context'] ) && 'network' === $args['context'];
+		$readonly         = ! empty( $args['readonly'] );
+		$network_settings = $args['network_settings'] ?? [];
+		$value            = $is_network
+			? ( get_site_option( 'wp_google_login_network_settings', [] )['whitelisted_domains'] ?? '' )
+			: ( $readonly ? ( $network_settings['whitelisted_domains'] ?? '' ) : $this->whitelisted_domains );
+		$name             = $is_network ? 'wp_google_login_network_settings[whitelisted_domains]' : 'wp_google_login_settings[whitelisted_domains]';
+
+		if ( $readonly ) {
+			?>
+			<input type='text' disabled value='<?php echo esc_attr( $value ); ?>' autocomplete="off" />
+			<span><?php esc_html_e( 'Managed globally by network admin.', 'login-with-google' ); ?></span>
+			<p class="description">
+				<?php echo esc_html( __( 'Add each domain comma separated', 'login-with-google' ) ); ?>
+			</p>
+			<?php
+			return;
+		}
 		?>
-		<input <?php $this->disabled( 'whitelisted_domains' ); ?> type='text' name='wp_google_login_settings[whitelisted_domains]' id="whitelisted-domains" value='<?php echo esc_attr( $this->whitelisted_domains ); ?>' autocomplete="off" />
+		<input type='text'
+			name='<?php echo esc_attr( $name ); ?>'
+			id="whitelisted-domains"
+			value='<?php echo esc_attr( $value ); ?>'
+			autocomplete="off" />
 		<p class="description">
-			<?php echo esc_html( __( 'Add each domain comma separated', 'login-with-google' ) ); ?>
+			<?php esc_html_e( 'Add each domain comma separated', 'login-with-google' ); ?>
 		</p>
 		<?php
 	}
 
 	/**
-	 * Add settings sub-menu page in admin menu.
+	 * Adds the settings page to the WordPress admin menu.
 	 *
 	 * @return void
 	 */
@@ -329,29 +738,28 @@ public function settings_page(): void {
 	}
 
 	/**
-	 * Output the plugin settings.
+	 * Outputs the settings page HTML.
 	 *
 	 * @return void
 	 */
 	public function output(): void {
 		?>
 		<div class="wrap">
-		<form action='options.php' method='post'>
-			<?php
-			settings_fields( 'wp_google_login' );
-			do_settings_sections( 'login-with-google' );
-			submit_button();
-			?>
-		</form>
+			<form action='options.php' method='post'>
+				<?php
+				settings_fields( 'wp_google_login' );
+				do_settings_sections( 'login-with-google' );
+				submit_button();
+				?>
+			</form>
 		</div>
 		<?php
 	}
 
 	/**
-	 * Outputs the disabled attribute if field needs to
-	 * be disabled.
+	 * Outputs 'disabled' attribute if the setting is defined as a constant.
 	 *
-	 * @param string $id Input ID.
+	 * @param string $id The setting identifier.
 	 *
 	 * @return void
 	 */
@@ -368,4 +776,4 @@ private function disabled( string $id ): void {
 			}
 		}
 	}
-}
+}
\ No newline at end of file

From a20ae54e35c70857928cbfa6c82874b2776bd8dd Mon Sep 17 00:00:00 2001
From: Chirag Mathur <mchirag2002@gmail.com>
Date: Wed, 1 Oct 2025 12:02:53 +0530
Subject: [PATCH 02/11] Bug fixes for subsite client id fetching

---
 src/Modules/Settings.php | 146 +++++++++++++++++----------------------
 1 file changed, 63 insertions(+), 83 deletions(-)

diff --git a/src/Modules/Settings.php b/src/Modules/Settings.php
index 704da6ca..cc256613 100644
--- a/src/Modules/Settings.php
+++ b/src/Modules/Settings.php
@@ -54,7 +54,6 @@ public function __get( string $name ) {
 			$constant_name = array_search( $name, $this->getters, true );
 			return defined( $constant_name ) ? constant( $constant_name ) : ( $this->options[ $name ] ?? '' );
 		}
-
 		return null;
 	}
 
@@ -64,7 +63,8 @@ public function __get( string $name ) {
 	 * @return string
 	 */
 	public function name(): string {
-		return 'settings'; }
+		return 'settings';
+	}
 
 	/**
 	 * Initializes the settings module.
@@ -83,36 +83,28 @@ public function init(): void {
 	}
 
 	/**
-	 * Retrieves the Google OAuth Client ID, respecting multisite/global settings.
+	 * Retrieves the Google OAuth Client ID, always from the network settings in multisite.
 	 *
 	 * @return string
 	 */
 	public function get_client_id() {
 		if ( is_multisite() ) {
 			$network_settings = get_site_option( 'wp_google_login_network_settings', [] );
-
-			if ( ! empty( $network_settings['apply_globally'] ) && ! empty( $network_settings['client_id'] ) ) {
-				return $network_settings['client_id'];
-			}
+			return $network_settings['client_id'] ?? '';
 		}
-
 		return $this->client_id;
 	}
 
 	/**
-	 * Retrieves the Google OAuth Client Secret, respecting multisite/global settings.
+	 * Retrieves the Google OAuth Client Secret, always from the network settings in multisite.
 	 *
 	 * @return string
 	 */
 	public function get_client_secret() {
 		if ( is_multisite() ) {
 			$network_settings = get_site_option( 'wp_google_login_network_settings', [] );
-
-			if ( ! empty( $network_settings['apply_globally'] ) && ! empty( $network_settings['client_secret'] ) ) {
-				return $network_settings['client_secret'];
-			}
+			return $network_settings['client_secret'] ?? '';
 		}
-
 		return $this->client_secret;
 	}
 
@@ -318,20 +310,24 @@ public function save_network_settings() {
 	 * @return void
 	 */
 	public function register_settings(): void {
-		if ( is_multisite() && is_network_admin() ) {
-			return;
-		}
-
-		register_setting( 'wp_google_login', 'wp_google_login_settings' );
+		// Do not register client_id/client_secret fields on subsites in multisite mode.
+		if ( is_multisite() ) {
+			// Only allow registration in network admin.
+			if ( is_network_admin() ) {
+				// Network admin gets network settings, handled elsewhere.
+				return;
+			}
+			// Subsites do not register client_id/client_secret fields.
+		} else {
+			register_setting( 'wp_google_login', 'wp_google_login_settings' );
 
-		add_settings_section(
-			'wp_google_login_section',
-			__( 'Log in with Google Settings', 'login-with-google' ),
-			function () {},
-			'login-with-google'
-		);
+			add_settings_section(
+				'wp_google_login_section',
+				__( 'Log in with Google Settings', 'login-with-google' ),
+				function () {},
+				'login-with-google'
+			);
 
-		if ( ! is_multisite() ) {
 			add_settings_field(
 				'wp_google_login_client_id',
 				__( 'Client ID', 'login-with-google' ),
@@ -349,67 +345,51 @@ function () {},
 				'wp_google_login_section',
 				[ 'label_for' => 'client-secret' ]
 			);
-		}
 
-		$apply_globally   = false;
-		$network_settings = [];
-
-		if ( is_multisite() ) {
-			$network_settings = get_site_option( 'wp_google_login_network_settings', [] );
-			$apply_globally   = ! empty( $network_settings['apply_globally'] );
-		}
-
-		add_settings_field(
-			'wp_google_allow_registration',
-			__( 'Create New User', 'login-with-google' ),
-			[ $this, 'user_registration' ],
-			'login-with-google',
-			'wp_google_login_section',
-			[
-				'readonly'         => $apply_globally,
-				'network_settings' => $network_settings,
-				'label_for'        => 'user-registration',
-			]
-		);
+			add_settings_field(
+				'wp_google_allow_registration',
+				__( 'Create New User', 'login-with-google' ),
+				[ $this, 'user_registration' ],
+				'login-with-google',
+				'wp_google_login_section',
+				[
+					'label_for' => 'user-registration',
+				]
+			);
 
-		add_settings_field(
-			'wp_google_one_tap_login',
-			__( 'Enable One Tap Login', 'login-with-google' ),
-			[ $this, 'one_tap_login' ],
-			'login-with-google',
-			'wp_google_login_section',
-			[
-				'readonly'         => $apply_globally,
-				'network_settings' => $network_settings,
-				'label_for'        => 'one-tap-login',
-			]
-		);
+			add_settings_field(
+				'wp_google_one_tap_login',
+				__( 'Enable One Tap Login', 'login-with-google' ),
+				[ $this, 'one_tap_login' ],
+				'login-with-google',
+				'wp_google_login_section',
+				[
+					'label_for' => 'one-tap-login',
+				]
+			);
 
-		add_settings_field(
-			'wp_google_one_tap_login_screen',
-			__( 'One Tap Login Locations', 'login-with-google' ),
-			[ $this, 'one_tap_login_screens' ],
-			'login-with-google',
-			'wp_google_login_section',
-			[
-				'readonly'         => $apply_globally,
-				'network_settings' => $network_settings,
-				'label_for'        => 'one-tap-login-screen',
-			]
-		);
+			add_settings_field(
+				'wp_google_one_tap_login_screen',
+				__( 'One Tap Login Locations', 'login-with-google' ),
+				[ $this, 'one_tap_login_screens' ],
+				'login-with-google',
+				'wp_google_login_section',
+				[
+					'label_for' => 'one-tap-login-screen',
+				]
+			);
 
-		add_settings_field(
-			'wp_google_whitelisted_domain',
-			__( 'Whitelisted Domains', 'login-with-google' ),
-			[ $this, 'whitelisted_domains' ],
-			'login-with-google',
-			'wp_google_login_section',
-			[
-				'readonly'         => $apply_globally,
-				'network_settings' => $network_settings,
-				'label_for'        => 'whitelisted-domains',
-			]
-		);
+			add_settings_field(
+				'wp_google_whitelisted_domain',
+				__( 'Whitelisted Domains', 'login-with-google' ),
+				[ $this, 'whitelisted_domains' ],
+				'login-with-google',
+				'wp_google_login_section',
+				[
+					'label_for' => 'whitelisted-domains',
+				]
+			);
+		}
 	}
 
 	/**

From 185f8746c4b0aa30e13c27d93ecdc747468e93c3 Mon Sep 17 00:00:00 2001
From: Chirag Mathur <mchirag2002@gmail.com>
Date: Wed, 1 Oct 2025 12:14:03 +0530
Subject: [PATCH 03/11] Updated Documentation

---
 README.md                | 1 +
 readme.txt               | 3 ++-
 src/Modules/Settings.php | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 7f8fca07..925a8394 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,7 @@ passwords. Just one click and land into the site!
 
 3. Once you create the app, you will receive the `Client ID` and `Client Secret`, add these credentials
 in `Settings > Login with Google` settings page in their respective fields.
+   -  If you have a multisite setup, navigate to `Network Settings` for the site and place the credentials over there as they are globally applied. For the remaining settings mentioned below, you can choose for the subsites to have their individual configurations or have a standard configuration be applied globally to all subsites.
 
 4. `Create new user` enables new user registration irrespective of `Membership` settings in
    `Settings > General`; as sometimes enabling user registration can lead to lots of spam users.
diff --git a/readme.txt b/readme.txt
index 266eed89..6cf37e27 100644
--- a/readme.txt
+++ b/readme.txt
@@ -29,12 +29,13 @@ Ultra minimal plugin to let your users login to WordPress applications using the
 3. This will give you **Client ID** and **Secret key**.
 
 
-4. Input these values either in `WP Admin > Settings > WP Google Login`, or in `wp-config.php` using the following code snippet:
+4. Input these values either in `WP Admin > Settings > Login With Google`, or in `wp-config.php` using the following code snippet:
 
 ```
 define( 'WP_GOOGLE_LOGIN_CLIENT_ID', 'YOUR_GOOGLE_CLIENT_ID' );
 define( 'WP_GOOGLE_LOGIN_SECRET', 'YOUR_SECRET_KEY' );
 ```
+If you have a multisite setup, only `Network Administrator` will be able to modify these credentials from `Network Admin > Settings > Login With Google`.
 
 ### Browser support
 [These browsers are supported](https://developers.google.com/identity/gsi/web/guides/supported-browsers). Note, for example, that One Tap Login is not supported in Safari.
diff --git a/src/Modules/Settings.php b/src/Modules/Settings.php
index cc256613..f367a5bc 100644
--- a/src/Modules/Settings.php
+++ b/src/Modules/Settings.php
@@ -274,6 +274,7 @@ public function save_network_settings() {
 		];
 
 		$settings = $_POST['wp_google_login_network_settings'] ?? []; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+		// Sanitizing the settings array below.
 
 		// Sanitize each field.
 		$sanitized_settings = [
@@ -317,7 +318,6 @@ public function register_settings(): void {
 				// Network admin gets network settings, handled elsewhere.
 				return;
 			}
-			// Subsites do not register client_id/client_secret fields.
 		} else {
 			register_setting( 'wp_google_login', 'wp_google_login_settings' );
 

From d28bac81ed87f5fa4fb83ef467d225460190bc67 Mon Sep 17 00:00:00 2001
From: Chirag Mathur <mchirag2002@gmail.com>
Date: Wed, 1 Oct 2025 14:27:42 +0530
Subject: [PATCH 04/11] Updated the Apply Globally settings to hide remaining

---
 src/Modules/Settings.php | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/src/Modules/Settings.php b/src/Modules/Settings.php
index f367a5bc..daaa8232 100644
--- a/src/Modules/Settings.php
+++ b/src/Modules/Settings.php
@@ -452,8 +452,31 @@ public function apply_globally_field( $args = [] ): void {
 		$network_options = get_site_option( 'wp_google_login_network_settings', [] );
 		?>
 		<input type="checkbox" name="wp_google_login_network_settings[apply_globally]" id="apply-globally" value="1" <?php checked( ! empty( $network_options['apply_globally'] ) ); ?> />
+		<?php esc_html_e( 'Apply all settings to all sites in the network', 'login-with-google' ); ?>
+		<script type="text/javascript">
+			jQuery(document).ready(function($){
+				function toggleGlobalRows() {
+					var applyGloballyEnabled = $("#apply-globally").is(":checked");
+					var selectors = [
+						"#one-tap-login",
+						"#one-tap-login-screen",
+						"#user-registration",
+						"#whitelisted-domains"
+					];
+					selectors.forEach(function(sel){
+						var $row = $(sel).closest("tr");
+						if(applyGloballyEnabled) {
+							$row.show();
+						} else {
+							$row.hide();
+						}
+					});
+				}
+				$("#apply-globally").on('change', toggleGlobalRows);
+				toggleGlobalRows();
+			});
+		</script>
 		<?php
-		esc_html_e( 'Apply all settings to all sites in the network', 'login-with-google' );
 	}
 
 	/**

From 81c2c47caed1f7d279a0d02f0ea3a5e23646904c Mon Sep 17 00:00:00 2001
From: Chirag Mathur <mchirag2002@gmail.com>
Date: Thu, 6 Nov 2025 18:25:07 +0530
Subject: [PATCH 05/11] Fixed regression bug

---
 src/Modules/Settings.php | 252 +++++++++++++++++++--------------------
 1 file changed, 125 insertions(+), 127 deletions(-)

diff --git a/src/Modules/Settings.php b/src/Modules/Settings.php
index daaa8232..f78f7d38 100644
--- a/src/Modules/Settings.php
+++ b/src/Modules/Settings.php
@@ -311,23 +311,22 @@ public function save_network_settings() {
 	 * @return void
 	 */
 	public function register_settings(): void {
-		// Do not register client_id/client_secret fields on subsites in multisite mode.
-		if ( is_multisite() ) {
-			// Only allow registration in network admin.
-			if ( is_network_admin() ) {
-				// Network admin gets network settings, handled elsewhere.
-				return;
-			}
-		} else {
-			register_setting( 'wp_google_login', 'wp_google_login_settings' );
+		// Only allow registration in network admin for network settings.
+		if ( is_multisite() && is_network_admin() ) {
+			return;
+		}
 
-			add_settings_section(
-				'wp_google_login_section',
-				__( 'Log in with Google Settings', 'login-with-google' ),
-				function () {},
-				'login-with-google'
-			);
+		register_setting( 'wp_google_login', 'wp_google_login_settings' );
+
+		add_settings_section(
+			'wp_google_login_section',
+			__( 'Log in with Google Settings', 'login-with-google' ),
+			function () {},
+			'login-with-google'
+		);
 
+		// Only show client_id/client_secret on single site installs.
+		if ( ! is_multisite() ) {
 			add_settings_field(
 				'wp_google_login_client_id',
 				__( 'Client ID', 'login-with-google' ),
@@ -345,51 +344,67 @@ function () {},
 				'wp_google_login_section',
 				[ 'label_for' => 'client-secret' ]
 			);
+		}
 
-			add_settings_field(
-				'wp_google_allow_registration',
-				__( 'Create New User', 'login-with-google' ),
-				[ $this, 'user_registration' ],
-				'login-with-google',
-				'wp_google_login_section',
-				[
-					'label_for' => 'user-registration',
-				]
-			);
+		// For multisite subsites, check if apply_globally is enabled.
+		$readonly         = false;
+		$network_settings = [];
+		if ( is_multisite() && ! is_network_admin() ) {
+			$network_settings = get_site_option( 'wp_google_login_network_settings', [] );
+			$readonly         = ! empty( $network_settings['apply_globally'] );
+		}
 
-			add_settings_field(
-				'wp_google_one_tap_login',
-				__( 'Enable One Tap Login', 'login-with-google' ),
-				[ $this, 'one_tap_login' ],
-				'login-with-google',
-				'wp_google_login_section',
-				[
-					'label_for' => 'one-tap-login',
-				]
-			);
+		add_settings_field(
+			'wp_google_allow_registration',
+			__( 'Create New User', 'login-with-google' ),
+			[ $this, 'user_registration' ],
+			'login-with-google',
+			'wp_google_login_section',
+			[
+				'label_for'        => 'user-registration',
+				'readonly'         => $readonly,
+				'network_settings' => $network_settings,
+			]
+		);
 
-			add_settings_field(
-				'wp_google_one_tap_login_screen',
-				__( 'One Tap Login Locations', 'login-with-google' ),
-				[ $this, 'one_tap_login_screens' ],
-				'login-with-google',
-				'wp_google_login_section',
-				[
-					'label_for' => 'one-tap-login-screen',
-				]
-			);
+		add_settings_field(
+			'wp_google_one_tap_login',
+			__( 'Enable One Tap Login', 'login-with-google' ),
+			[ $this, 'one_tap_login' ],
+			'login-with-google',
+			'wp_google_login_section',
+			[
+				'label_for'        => 'one-tap-login',
+				'readonly'         => $readonly,
+				'network_settings' => $network_settings,
+			]
+		);
 
-			add_settings_field(
-				'wp_google_whitelisted_domain',
-				__( 'Whitelisted Domains', 'login-with-google' ),
-				[ $this, 'whitelisted_domains' ],
-				'login-with-google',
-				'wp_google_login_section',
-				[
-					'label_for' => 'whitelisted-domains',
-				]
-			);
-		}
+		add_settings_field(
+			'wp_google_one_tap_login_screen',
+			__( 'One Tap Login Locations', 'login-with-google' ),
+			[ $this, 'one_tap_login_screens' ],
+			'login-with-google',
+			'wp_google_login_section',
+			[
+				'label_for'        => 'one-tap-login-screen',
+				'readonly'         => $readonly,
+				'network_settings' => $network_settings,
+			]
+		);
+
+		add_settings_field(
+			'wp_google_whitelisted_domain',
+			__( 'Whitelisted Domains', 'login-with-google' ),
+			[ $this, 'whitelisted_domains' ],
+			'login-with-google',
+			'wp_google_login_section',
+			[
+				'label_for'        => 'whitelisted-domains',
+				'readonly'         => $readonly,
+				'network_settings' => $network_settings,
+			]
+		);
 	}
 
 	/**
@@ -604,84 +619,67 @@ public function one_tap_login_screens( $args = [] ): void {
 		$readonly         = ! empty( $args['readonly'] );
 		$network_settings = $args['network_settings'] ?? [];
 
-		// Readonly disables radios and adds notice.
-		if ( $readonly ) {
-			$one_tap_enabled = ! empty( $network_settings['one_tap_login'] );
-			$value           = $network_settings['one_tap_login_screen'] ?? '';
-			if ( $one_tap_enabled ) {
-				?>
-				<label for="one-tap-login-screen" style='display:block;margin-top:6px;'>
-					<input type='radio' disabled id="one-tap-login-screen" <?php checked( $value, 'login' ); ?> />
-					<?php esc_html_e( 'Enable One Tap Login Only on Login Screen', 'login-with-google' ); ?>
-				</label>
-				<label for="one-tap-login-screen-sitewide" style='display:block;margin-top:6px;'>
-					<input type='radio' disabled id="one-tap-login-screen-sitewide" <?php checked( $value, 'sitewide' ); ?> />
-					<?php esc_html_e( 'Enable One Tap Login Site-wide', 'login-with-google' ); ?>
-				</label>
-				<span><?php esc_html_e( 'Managed globally by network admin.', 'login-with-google' ); ?></span>
-				<?php
-			} else {
-				// Output a hidden input just for JS to find the <tr> to facilitate the hiding of the fields.
-				?>
-				<input type="hidden" id="one-tap-login-screen" />
-				<?php
-			}
-			?>
-			<script type="text/javascript">
-				(function($){
-					$(document).ready(function(){
-						var oneTapEnabled = <?php echo $one_tap_enabled ? 'true' : 'false'; ?>;
-						if(!oneTapEnabled) {
-							$("#one-tap-login-screen").parents("tr").hide();
-						}
-					});
-				})(jQuery);
-			</script>
-			<?php
-			return;
-		}
 		if ( $is_network ) {
-			$settings        = get_site_option( 'wp_google_login_network_settings', [] );
-			$one_tap_enabled = ! empty( $settings['one_tap_login'] );
-			$value           = $settings['one_tap_login_screen'] ?? '';
-			$name            = 'wp_google_login_network_settings[one_tap_login_screen]';
+			$settings = get_site_option( 'wp_google_login_network_settings', [] );
+			$value    = $settings['one_tap_login_screen'] ?? '';
+			$name     = 'wp_google_login_network_settings[one_tap_login_screen]';
 		} else {
-			$one_tap_enabled = $this->one_tap_login;
-			$value           = $this->one_tap_login_screen ?? '';
-			$name            = 'wp_google_login_settings[one_tap_login_screen]';
+			$value = $this->one_tap_login_screen ?? '';
+			$name  = 'wp_google_login_settings[one_tap_login_screen]';
 		}
+
 		?>
-		<label for="one-tap-login-screen" style='display:block;margin-top:6px;'>
-			<input <?php $this->disabled( 'one_tap_login' ); ?>
-				type='radio'
-				name='<?php echo esc_attr( $name ); ?>'
-				id="one-tap-login-screen"
-				<?php checked( $value, 'login' ); ?>
-				value='login'>
-			<?php esc_html_e( 'Enable One Tap Login Only on Login Screen', 'login-with-google' ); ?>
-		</label>
-		<label for="one-tap-login-screen-sitewide" style='display:block;margin-top:6px;'>
-			<input <?php $this->disabled( 'one_tap_login' ); ?>
-				type='radio'
-				name='<?php echo esc_attr( $name ); ?>'
-				id="one-tap-login-screen-sitewide"
-				<?php checked( $value, 'sitewide' ); ?>
-				value='sitewide'>
-			<?php esc_html_e( 'Enable One Tap Login Site-wide', 'login-with-google' ); ?>
-		</label>
+		<div id="one-tap-login-locations-container"
+		<?php
+		if ( $readonly ) {
+			echo ' style="pointer-events:none;opacity:0.7;"';}
+		?>
+		>
+			<label for="one-tap-login-screen" style='display:block;margin-top:6px;'>
+				<input type='radio'
+					name='<?php echo esc_attr( $name ); ?>'
+					id="one-tap-login-screen"
+					<?php checked( $value, 'login' ); ?>
+					value='login'
+					<?php
+					if ( $readonly ) {
+						echo 'disabled';}
+					?>
+					>
+				<?php esc_html_e( 'Enable One Tap Login Only on Login Screen', 'login-with-google' ); ?>
+			</label>
+			<label for="one-tap-login-screen-sitewide" style='display:block;margin-top:6px;'>
+				<input type='radio'
+					name='<?php echo esc_attr( $name ); ?>'
+					id="one-tap-login-screen-sitewide"
+					<?php checked( $value, 'sitewide' ); ?>
+					value='sitewide'
+					<?php
+					if ( $readonly ) {
+						echo 'disabled';}
+					?>
+					>
+				<?php esc_html_e( 'Enable One Tap Login Site-wide', 'login-with-google' ); ?>
+			</label>
+			<?php if ( $readonly ) : ?>
+				<span><?php esc_html_e( 'Managed globally by network admin.', 'login-with-google' ); ?></span>
+			<?php endif; ?>
+		</div>
 		<script type="text/javascript">
-			jQuery(document).ready(function () {
-				var toggle = function () {
-					var enabled = jQuery("#one-tap-login").is(":checked");
-					var tr_elem = jQuery("#one-tap-login-screen").parents("tr");
-					if (enabled) {
-						tr_elem.show();
+			jQuery(document).ready(function ($) {
+				function toggleOneTapLocationsRow() {
+					var $container = $("#one-tap-login-locations-container");
+					var applyGlobally = $("#apply-globally").length ? $("#apply-globally").is(":checked") : true;
+					var oneTapEnabled = $("#one-tap-login").is(":checked");
+
+					if ((applyGlobally && oneTapEnabled) || $container.css('pointer-events') === 'none') {
+						$container.show();
 					} else {
-						tr_elem.hide();
+						$container.hide();
 					}
-				};
-				jQuery("#one-tap-login").on('change', toggle);
-				toggle();
+				}
+				$("#apply-globally, #one-tap-login").on('change', toggleOneTapLocationsRow);
+				toggleOneTapLocationsRow();
 			});
 		</script>
 		<?php

From e6a1a0b29ebd58670c9a3c6b0385da90ddbecc12 Mon Sep 17 00:00:00 2001
From: Chirag Mathur <mchirag2002@gmail.com>
Date: Fri, 7 Nov 2025 13:08:31 +0530
Subject: [PATCH 06/11] Bug fix for JS

---
 src/Modules/Settings.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Modules/Settings.php b/src/Modules/Settings.php
index f78f7d38..da10e706 100644
--- a/src/Modules/Settings.php
+++ b/src/Modules/Settings.php
@@ -668,14 +668,14 @@ public function one_tap_login_screens( $args = [] ): void {
 		<script type="text/javascript">
 			jQuery(document).ready(function ($) {
 				function toggleOneTapLocationsRow() {
-					var $container = $("#one-tap-login-locations-container");
+					// Find the parent <tr> of the container and hide/show it
+					var $row = $("#one-tap-login-locations-container").closest("tr");
 					var applyGlobally = $("#apply-globally").length ? $("#apply-globally").is(":checked") : true;
 					var oneTapEnabled = $("#one-tap-login").is(":checked");
-
-					if ((applyGlobally && oneTapEnabled) || $container.css('pointer-events') === 'none') {
-						$container.show();
+					if ((applyGlobally && oneTapEnabled) || $("#one-tap-login-locations-container").css('pointer-events') === 'none') {
+						$row.show();
 					} else {
-						$container.hide();
+						$row.hide();
 					}
 				}
 				$("#apply-globally, #one-tap-login").on('change', toggleOneTapLocationsRow);

From 6b0a49ee4ecc7d06cad0847396216f0da4b58f85 Mon Sep 17 00:00:00 2001
From: Chirag Mathur <mchirag2002@gmail.com>
Date: Fri, 7 Nov 2025 13:13:29 +0530
Subject: [PATCH 07/11] Implemented Copilot feedback

---
 src/Modules/Settings.php | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/Modules/Settings.php b/src/Modules/Settings.php
index da10e706..64239de1 100644
--- a/src/Modules/Settings.php
+++ b/src/Modules/Settings.php
@@ -87,7 +87,7 @@ public function init(): void {
 	 *
 	 * @return string
 	 */
-	public function get_client_id() {
+	public function get_client_id(): string {
 		if ( is_multisite() ) {
 			$network_settings = get_site_option( 'wp_google_login_network_settings', [] );
 			return $network_settings['client_id'] ?? '';
@@ -100,7 +100,7 @@ public function get_client_id() {
 	 *
 	 * @return string
 	 */
-	public function get_client_secret() {
+	public function get_client_secret(): string {
 		if ( is_multisite() ) {
 			$network_settings = get_site_option( 'wp_google_login_network_settings', [] );
 			return $network_settings['client_secret'] ?? '';
@@ -126,6 +126,8 @@ public function register_network_settings_page(): void {
 
 	/**
 	 * Outputs the network settings page HTML.
+	 *
+	 * @return void
 	 */
 	public function output_network_settings(): void {
 		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
@@ -256,7 +258,7 @@ function () {},
 	 *
 	 * @return void
 	 */
-	public function save_network_settings() {
+	public function save_network_settings(): void {
 		if ( ! current_user_can( 'manage_network_options' ) ) {
 			wp_die( esc_html__( 'Sorry, you are not allowed to manage network options.', 'login-with-google' ) );
 		}
@@ -632,7 +634,8 @@ public function one_tap_login_screens( $args = [] ): void {
 		<div id="one-tap-login-locations-container"
 		<?php
 		if ( $readonly ) {
-			echo ' style="pointer-events:none;opacity:0.7;"';}
+			echo ' style="pointer-events:none;opacity:0.7;"';
+		}
 		?>
 		>
 			<label for="one-tap-login-screen" style='display:block;margin-top:6px;'>
@@ -643,7 +646,8 @@ public function one_tap_login_screens( $args = [] ): void {
 					value='login'
 					<?php
 					if ( $readonly ) {
-						echo 'disabled';}
+						echo 'disabled';
+					}
 					?>
 					>
 				<?php esc_html_e( 'Enable One Tap Login Only on Login Screen', 'login-with-google' ); ?>
@@ -656,7 +660,8 @@ public function one_tap_login_screens( $args = [] ): void {
 					value='sitewide'
 					<?php
 					if ( $readonly ) {
-						echo 'disabled';}
+						echo 'disabled';
+					}
 					?>
 					>
 				<?php esc_html_e( 'Enable One Tap Login Site-wide', 'login-with-google' ); ?>

From dca90a80ac840061823018c2f5a26619048c667a Mon Sep 17 00:00:00 2001
From: Chirag Mathur <mchirag2002@gmail.com>
Date: Wed, 19 Nov 2025 17:18:39 +0530
Subject: [PATCH 08/11] Bug Fix for new account creation

---
 src/Modules/Settings.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/Modules/Settings.php b/src/Modules/Settings.php
index 64239de1..e88cf7a3 100644
--- a/src/Modules/Settings.php
+++ b/src/Modules/Settings.php
@@ -52,7 +52,19 @@ class Settings implements ModuleInterface {
 	public function __get( string $name ) {
 		if ( in_array( $name, $this->getters, true ) ) {
 			$constant_name = array_search( $name, $this->getters, true );
-			return defined( $constant_name ) ? constant( $constant_name ) : ( $this->options[ $name ] ?? '' );
+			if ( defined( $constant_name ) ) {
+				return constant( $constant_name );
+			}
+
+			// --- Multisite: If apply_globally is enabled, use network settings ---
+			if ( is_multisite() ) {
+				$network_settings = get_site_option( 'wp_google_login_network_settings', [] );
+				if ( ! empty( $network_settings['apply_globally'] ) && array_key_exists( $name, $network_settings ) ) {
+					return $network_settings[ $name ];
+				}
+			}
+
+			return $this->options[ $name ] ?? null;
 		}
 		return null;
 	}

From 735248b51d574c0dcfd97b09eac16b396ee8821e Mon Sep 17 00:00:00 2001
From: Chirag Mathur <mchirag2002@gmail.com>
Date: Wed, 19 Nov 2025 17:21:44 +0530
Subject: [PATCH 09/11] Implemented feedback changes

---
 src/Modules/Settings.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Modules/Settings.php b/src/Modules/Settings.php
index e88cf7a3..57179470 100644
--- a/src/Modules/Settings.php
+++ b/src/Modules/Settings.php
@@ -97,6 +97,8 @@ public function init(): void {
 	/**
 	 * Retrieves the Google OAuth Client ID, always from the network settings in multisite.
 	 *
+	 * @since n.e.x.t
+	 *
 	 * @return string
 	 */
 	public function get_client_id(): string {

From 1c49cb8ddb4f71956875cfc53721ff904e24a880 Mon Sep 17 00:00:00 2001
From: Chirag Mathur <mchirag2002@gmail.com>
Date: Wed, 19 Nov 2025 17:24:09 +0530
Subject: [PATCH 10/11] Documentation Update

---
 src/Modules/Settings.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Modules/Settings.php b/src/Modules/Settings.php
index 57179470..e2bb78b3 100644
--- a/src/Modules/Settings.php
+++ b/src/Modules/Settings.php
@@ -56,7 +56,7 @@ public function __get( string $name ) {
 				return constant( $constant_name );
 			}
 
-			// --- Multisite: If apply_globally is enabled, use network settings ---
+			// Multisite: If apply_globally is enabled, use network settings.
 			if ( is_multisite() ) {
 				$network_settings = get_site_option( 'wp_google_login_network_settings', [] );
 				if ( ! empty( $network_settings['apply_globally'] ) && array_key_exists( $name, $network_settings ) ) {

From 8b1530ca8a0e543bbc49de89038a2da119432d2c Mon Sep 17 00:00:00 2001
From: Chirag Mathur <mchirag2002@gmail.com>
Date: Tue, 25 Nov 2025 12:04:07 +0530
Subject: [PATCH 11/11] Implemeted PR feedback changes

---
 src/Modules/Settings.php | 40 +++++++++++++++++++++++++---------------
 1 file changed, 25 insertions(+), 15 deletions(-)

diff --git a/src/Modules/Settings.php b/src/Modules/Settings.php
index e2bb78b3..743452dd 100644
--- a/src/Modules/Settings.php
+++ b/src/Modules/Settings.php
@@ -131,7 +131,7 @@ public function register_network_settings_page(): void {
 		add_submenu_page(
 			'settings.php',
 			__( 'Login with Google Network Settings', 'login-with-google' ),
-			__( 'Login with Google', 'login-with-google' ),
+			_x( 'Login with Google', 'Page title', 'login-with-google' ),
 			'manage_network_options',
 			'login-with-google-network',
 			[ $this, 'output_network_settings' ]
@@ -177,7 +177,7 @@ public function register_network_settings(): void {
 
 		add_settings_section(
 			'wp_google_login_network_section',
-			__( 'Log in with Google Network Settings', 'login-with-google' ),
+			'',
 			function () {},
 			'login-with-google-network'
 		);
@@ -270,6 +270,8 @@ function () {},
 	/**
 	 * Saves the network settings for multisite installations.
 	 *
+	 * @since n.e.x.t
+	 *
 	 * @return void
 	 */
 	public function save_network_settings(): void {
@@ -482,7 +484,13 @@ public function client_secret_field( $args = [] ): void {
 	public function apply_globally_field( $args = [] ): void {
 		$network_options = get_site_option( 'wp_google_login_network_settings', [] );
 		?>
-		<input type="checkbox" name="wp_google_login_network_settings[apply_globally]" id="apply-globally" value="1" <?php checked( ! empty( $network_options['apply_globally'] ) ); ?> />
+		<input
+			type="checkbox"
+			name="wp_google_login_network_settings[apply_globally]"
+			id="apply-globally"
+			value="1"
+			<?php checked( ! empty( $network_options['apply_globally'] ) ); ?>
+		/>
 		<?php esc_html_e( 'Apply all settings to all sites in the network', 'login-with-google' ); ?>
 		<script type="text/javascript">
 			jQuery(document).ready(function($){
@@ -514,6 +522,7 @@ function toggleGlobalRows() {
 	 * Renders the input field for the User Registration setting.
 	 *
 	 * @param array $args Additional arguments for the field.
+	 * @since n.e.x.t
 	 *
 	 * @return void
 	 */
@@ -528,8 +537,10 @@ public function user_registration( $args = [] ): void {
 			<label style='display:block;margin-top:6px;'>
 				<input type='checkbox'
 					name='wp_google_login_network_settings[registration_enabled]'
-					id="user-registration" <?php checked( $checked ); ?>
-					value='1'>
+					id="user-registration"
+					<?php checked( $checked ); ?>
+					value='1'
+				>
 				<?php esc_html_e( 'Create a new user account if it does not exist already', 'login-with-google' ); ?>
 			</label>
 			<p class="description">
@@ -538,7 +549,7 @@ public function user_registration( $args = [] ): void {
 					sprintf(
 						// translators: %s is replaced with URL of membership settings page.
 						__( 'If this setting is checked, a new user will be created even if <a target="_blank" href="%1s">membership setting</a> is off.', 'login-with-google' ),
-						'network/settings.php'
+						'settings.php'
 					)
 				);
 				?>
@@ -591,11 +602,14 @@ public function one_tap_login( $args = [] ): void {
 		if ( $is_network ) {
 			$checked = ! empty( get_site_option( 'wp_google_login_network_settings', [] )['one_tap_login'] );
 			?>
-			<label style='display:block;margin-top:6px;'><input
+			<label style='display:block;margin-top:6px;'>
+				<input
 					type='checkbox'
 					name='wp_google_login_network_settings[one_tap_login]'
-					id="one-tap-login" <?php checked( $checked ); ?>
-					value='1'>
+					id="one-tap-login"
+					<?php checked( $checked ); ?>
+					value='1'
+				>
 				<?php esc_html_e( 'One Tap Login', 'login-with-google' ); ?>
 			</label>
 			<?php
@@ -658,12 +672,8 @@ public function one_tap_login_screens( $args = [] ): void {
 					id="one-tap-login-screen"
 					<?php checked( $value, 'login' ); ?>
 					value='login'
-					<?php
-					if ( $readonly ) {
-						echo 'disabled';
-					}
-					?>
-					>
+					<?php echo ( $readonly ? 'disabled' : '' ); ?>
+				>
 				<?php esc_html_e( 'Enable One Tap Login Only on Login Screen', 'login-with-google' ); ?>
 			</label>
 			<label for="one-tap-login-screen-sitewide" style='display:block;margin-top:6px;'>