Login a WP user via REST API

@dreamon11

Looking at the code for the wp_signon function it expects data to be past via $_POST.

I think by used the WP_REST_Server::READABLE method in you REST_API you are expecting a $_GET variable, you might want to try WP_REST_Server::EDITABLE nd see if that converts the data submission to $_POST.

@dreamon11

Quite right, I just glimpsed at the function further down.

I have this working locally and I think the issue is in passing and collecting the user_login and user_password. The fields need to be specified in your endpoint I think:

'/login/(?P<login>[a-zA-Z0-9-]+)/password/((?P<password>[a-zA-Z0-9-]+))',

And you then to to handle the data in your callback, the 2 fields above would be in $request['login'] and $request['password'].

So my full code is now this:

add_action('rest_api_init',
	function () {
		register_rest_route(
			'xxx/v1',
			'/login/(?P<login>[a-zA-Z0-9-]+)/password/((?P<password>[a-zA-Z0-9-]+))',
			//'login/',
			[
				'methods'   => WP_REST_Server::READABLE,
				'callback'  => function ( WP_REST_Request $request ) {
					// I try this:
					wp_set_current_user(1);
					wp_set_auth_cookie(1);

					// and this:
					$user = wp_signon(
						[
							'user_login' => $request['login'],
							'user_password' => $request['password'],
							'remember' => true,
						],
						false
					);
					wp_send_json( $user );
				}
			]
		);
	}
);

@dreamon11

Are you able to log the JSON response on the subdomain and see what response you are getting?

@dreamon11

I wonder if it’s because the cookie needs to be set on the client machine but via a REST call it’s trying to get set on the subdomain server.

Hi @dreamon11 , i’m wondering how did you end up setting the auth cookies exactly? I am having the same issue although I am using the rest api inside the wordpress theme on the same domain.. a react wordpress theme. my endpoint looks very similar to what you posted. Thanks!