Support » Developing with WordPress » Login a WP user via REST API

Viewing 10 replies - 1 through 10 (of 10 total)
  • @dreamon11

    Looking at the code for the wp_signon function it expects data to be past via $_POST.

    I think by used the WP_REST_Server::READABLE method in you REST_API you are expecting a $_GET variable, you might want to try WP_REST_Server::EDITABLE nd see if that converts the data submission to $_POST.

    Thread Starter DreamOn11

    (@dreamon11)

    @mattyrob

    The wp_signon() reads only $_POST if there is no $credentials.

    if ( empty( $credentials ) ) {
    		$credentials = array(); // Back-compat for plugins passing an empty string.
    
    		if ( ! empty( $_POST['log'] ) ) {
    			$credentials['user_login'] = wp_unslash( $_POST['log'] );
    		}
    		if ( ! empty( $_POST['pwd'] ) ) {
    			$credentials['user_password'] = $_POST['pwd'];
    		}
    		if ( ! empty( $_POST['rememberme'] ) ) {
    			$credentials['remember'] = $_POST['rememberme'];
    		}
    	}

    The problem is not here because the code works outside REST API.

    @dreamon11

    Quite right, I just glimpsed at the function further down.

    I have this working locally and I think the issue is in passing and collecting the user_login and user_password. The fields need to be specified in your endpoint I think:

    '/login/(?P<login>[a-zA-Z0-9-]+)/password/((?P<password>[a-zA-Z0-9-]+))',

    And you then to to handle the data in your callback, the 2 fields above would be in $request['login'] and $request['password'].

    So my full code is now this:

    add_action('rest_api_init',
    	function () {
    		register_rest_route(
    			'xxx/v1',
    			'/login/(?P<login>[a-zA-Z0-9-]+)/password/((?P<password>[a-zA-Z0-9-]+))',
    			//'login/',
    			[
    				'methods'   => WP_REST_Server::READABLE,
    				'callback'  => function ( WP_REST_Request $request ) {
    					// I try this:
    					wp_set_current_user(1);
    					wp_set_auth_cookie(1);
    
    					// and this:
    					$user = wp_signon(
    						[
    							'user_login' => $request['login'],
    							'user_password' => $request['password'],
    							'remember' => true,
    						],
    						false
    					);
    					wp_send_json( $user );
    				}
    			]
    		);
    	}
    );
    Thread Starter DreamOn11

    (@dreamon11)

    @mattyrob

    It works when I send the REST request from my browser with RESTClient extension for example.

    But it doesn’t work when I send this REST request from subdomain.site.com.

    The WP User is well returned, but cookies are not defined :/

    @dreamon11

    Are you able to log the JSON response on the subdomain and see what response you are getting?

    Thread Starter DreamOn11

    (@dreamon11)

    @mattyrob

    Yes, I have all WP User info: ID, login…

    @dreamon11

    I wonder if it’s because the cookie needs to be set on the client machine but via a REST call it’s trying to get set on the subdomain server.

    Thread Starter DreamOn11

    (@dreamon11)

    So, I need to define WP cookies from subdomain.site.com.

    Thanks for help!

    Hi @dreamon11 , i’m wondering how did you end up setting the auth cookies exactly? I am having the same issue although I am using the rest api inside the wordpress theme on the same domain.. a react wordpress theme. my endpoint looks very similar to what you posted. Thanks!

    Thread Starter DreamOn11

    (@dreamon11)

    Hello @rozv,

    I do the following:

    1. Send GET request from subdomain.site.com (another site) to site.com (WP)
    2. In WP, use this same code as my first post. With this code, WP returns COOKIES in the response
    3. In the another site, I retrieve COOKIES values from response and set cookies with PHP setcookie to login the user.

    Cookies return by WP:
    wordpress_xxxx
    wordpress_sec_xxxx
    wordpress_logged_in_xxxx

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Login a WP user via REST API’ is closed to new replies.