Just to add for anyone stumble upon this question:
I just found out there are a function for users to submit ajax without privilege (non log-in user). Instead of going through the whole trouble of login for random strangers, the function below make more sense :p
wp_ajax_nopriv_[action_name]
reference: https://codex.wordpress.org/Plugin_API/Action_Reference/wp_ajax_nopriv_(action)
Hey thanks bcworkz!
thanks for the suggestion! will definitely try login user from behind the scene without plugin for now, before dig deeper with oAuth or JSON token 🙂
