Re-using WP login for external REST services | WordPress.org

damird
(@damird)

8 years, 1 month ago

Hello.

I’d like integrating a set of external REST services with WordPress. The idea is build up a plugin that will actually add the content to WP post. That content will be a mix of HTML5, CSS and JS. JS will use AJAX requests targeted to mentioned REST services for displaying the content. The later has to be per-user specific. This means, REST services written with Lumen and using their own database, should be aware of WP users logged in the site.

I thought using JWT tokens for this. My idea is, when a user logs-in, a JWT token is added to session cookie. That same session cookie is consumed by REST services. As WP and the REST services server would share the same secret, WP could embed the username in the JWT. On the other hand, REST services server could check JWT validity and if valid, could extract the username from it and return the right content.

A few quesitons about this:
– is there an existing way to switch WP on using JWT which I could reuse?
– if not, is it possible and how is it possible to add JWT functionality needed?
– I would appreciate also any other thoughts and ideas on how to approach the mentioned problem?

Thanks in advance for any hint and discussion 🙂

Sincerely,
Damir

Viewing 1 replies (of 1 total)

Moderator bcworkz
(@bcworkz)

8 years, 1 month ago

I’m not aware of WP using JWTs for anything, however, REST output can be filtered, so you could somehow convert the normal REST JSON response to a JWT. I don’t think JWT is really necessary for most situations, especially if HTTPS is being used. But if you wish to implement JWT anyway, I’m not objecting 🙂

I’m not sure you need any extra cookies either. WP REST requires the user to be logged in conventionally (setting an auth cookie), though there are other authentication methods available. Thus REST responses are going to be related to the logged in user anyway, without any special effort on your part. If the current user cannot create posts, there is nothing you can request through REST that would create a post.

Does your app even really need to know the current username? Any data returned from REST can be for the current user only, provided that user has the proper capabilities. You can have REST provide the current username all right, I’m just not convinced it’s really needed. All user authentication can be managed by WP alone.

Maybe I’m missing something, but it sounds like you are over complicating things.

Viewing 1 replies (of 1 total)

The topic ‘Re-using WP login for external REST services’ is closed to new replies.

Tags

In: Developing with WordPress
1 reply
2 participants
Last reply from: bcworkz
Last activity: 8 years, 1 month ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics