Here's the plugin/code:
What I am wondering is how I might be able to eliminate the usage of:
require_once( "../../../wp-load.php" );
This "malpractice" can be found in the login-openid.php and login-facebook.php files.
I understand this will prevent my plugin from being placed into the WordPress plugins repository.
The reason for using wp-load.php is because of the way OAuth 2.0 seems to work. During authentication, the browser navigates to the third-party authUrl, then returns to our site on success or failure, and it's at this point (the cross-domain return path) that we need to access the WordPress core again (to register or login the WordPress user), but we no longer have a reference to it since our script is now being called from outside the WordPress environment. Hence the reason for wp-load.php.
If someone could let me know how to tackle this I would greatly appreciate it!