I believe the sequence you described is correct. When you make a request to the authorization endpoint and the user is not logged in, they will be redirected to the “authenticate” route (the code for that is here).
In the authenticate route, they will be redirected to WordPress’s login page, from where they should be able to register for an account. After registration, they should be redirected back to the OIDC flow. If that is not the case, there might be a bug in the plugin.
OK, I understand, so if I wanted to add a control with a validation via SMS message, and I need to add additional fields for permissions, I would have to add it to my normal WordPress registration, right?
Or can I create an additional form to call up and fill out before giving authorization? Where can I find the redirection you make to the login form? Can I replace it with a redirection to another form customized by me?
Thank you very much
Compared to the file you sent me, I think that here I can redirect to another form by replacing wp_login_url() with my custom form URL?
wp_safe_redirect( add_query_arg( array_map( 'rawurlencode', array_merge( $request->getAllQueryParameters(), array( 'action' => 'openid-authenticate' ) ) ), wp_login_url() ) );
Or must I modify the auth_redirect() with another custom function?
This reply was modified 1 year, 10 months ago by Matteo182.
If you want to redirect the user to another form, you can use WordPress’s login_url filter to override the URL WordPress redirects the user to.
After your form is handled, you need to redirect the user back to the openid-authenticate route, which will land them on the AuthenticateHandler of the OIDC server plugin.
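One way to wire up the login_url filter and the return redirect described above, as an added example that is not part of the thread or the plugin's own code. The form path, the parameter allow-list, the function name and the assumption that the openid-authenticate route is wp-login.php with action=openid-authenticate (inferred from the redirect quoted earlier) are all hypothetical:

```php
<?php
/**
 * Plugin Name: OIDC custom login form (added example)
 */

// Assumption: path of the page that hosts the custom login/registration form.
const EXAMPLE_OIDC_FORM_PATH = '/oidc-login/';

// Assumption: the authorization request parameters that must survive the detour.
const EXAMPLE_OIDC_PARAMS = array( 'client_id', 'redirect_uri', 'response_type', 'scope', 'state', 'nonce' );

/**
 * Swap the login URL for the custom form only while an OIDC authorization
 * request is in progress (recognised here by client_id and redirect_uri in
 * the query string). Ordinary logins keep the default wp-login.php URL.
 */
add_filter( 'login_url', function ( $login_url, $redirect, $force_reauth ) {
	if ( isset( $_GET['client_id'], $_GET['redirect_uri'] ) ) {
		return home_url( EXAMPLE_OIDC_FORM_PATH );
	}
	return $login_url;
}, 10, 3 );

/**
 * Call this from the custom form handler once the user is logged in and the
 * extra checks (SMS code, additional fields) have passed.
 */
function example_oidc_resume_flow() {
	if ( ! is_user_logged_in() ) {
		wp_die( 'Login required.', '', array( 'response' => 403 ) );
	}

	// Forward only the allow-listed parameters, unchanged, so that "state"
	// and "redirect_uri" reach the OIDC server exactly as the client sent them.
	$args = array( 'action' => 'openid-authenticate' );
	foreach ( EXAMPLE_OIDC_PARAMS as $key ) {
		if ( isset( $_REQUEST[ $key ] ) && is_string( $_REQUEST[ $key ] ) ) {
			$args[ $key ] = rawurlencode( wp_unslash( $_REQUEST[ $key ] ) );
		}
	}

	// The target is built from this site's own wp-login.php, never from a URL
	// supplied in the request, so the form cannot be used as an open redirect.
	wp_safe_redirect( add_query_arg( $args, site_url( 'wp-login.php', 'login' ) ) );
	exit;
}
```

The custom form has to carry the allow-listed parameters through its own submission (for example as hidden fields) so that they are still present when example_oidc_resume_flow() runs.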
Hi Paolo, thanks for the help you are giving me.
So I managed to go around, starting from the endpoint /wp-json/openid-connect/v1/authorize
From here I redirect to my login/register page; in case it is the first access, I go to the authorization created by you,
and after authorization I land on my additional form for double opt-in and other required data.
Through the whole flow I bring along the query string with the 'code':
/?code=ea29c0205e017692c7b24fdbaa39690d99359da2&state=4secret5string
At this point, I would like to ask you what the normal flow involves. Should I pass this token to the platform that called the WP server?
Can he use this token to call the endpoint to request user data?
I mean this endpoint: /wp-json/openid-connect/v1/userinfo
Or can I send them the user data when they have finished filling out this last custom form? This way I would avoid having to call another endpoint, what do you think?
Thank you very much if you could give me this other clue, I think I’ve closed the loop.
Best regards