How to use WordPress REST api to login a user?

There are 3 ways to authenticate a user using a REST api end-point request,

1- using cookies, which is the way WordPress keeps track of authenticated users in POST requests. You pass the authentication details in your REST request, use the wp_signon() function to sign-in your user, and if successful you set the authentication cookie using wp_set_auth_cookie() function,

$creds = array(
    'user_login'    => 'example',
    'user_password' => 'plaintextpw',
    'remember'      => true
);

$user = wp_signon( $creds, false );

if ( is_wp_error( $user ) ) {
    $msg = $user->get_error_message();
}else{
  wp_clear_auth_cookie();
  wp_set_current_user ( $user->ID ); // Set the current user detail
  wp_set_auth_cookie  ( $user->ID ); // Set auth details in cookie
  $msg = "Logged in successfully"; 
}

You can find a discussion on this WordPress forum thread.

2- Using Basic Authentication requests to your own server

the idea here is that for every REST request you make to your server you pass the user’s credentials (every time) over an SSL connection. The WordPress API group provides a plugin on their GitHub repo to do this for you, which allows you to encode the user’s credentials and decode it on the other side to authenticate them, so for example, to delete a user’s post on the server,

let user="...", pw='...';
jQuery.ajax({
   url: 'http://your-domain/wp-json/wp/v2/posts/50',
   method: 'DELETE',
   crossDomain: true,
   beforeSend: function ( xhr ) {
       xhr.setRequestHeader( 'Authorization', 'Basic ' + Base64.encode( user + ':' + pw ) );
   },
   success: function( data, txtStatus, xhr ) {
       console.log( data );
       console.log( xhr.status );
   }
});

For more details see this detailed tutorial

3- user a third party authentication such the open OAuth.

This is what Google uses, and allows your site to identify users based on their Google login credentials. WordPress.com also uses this method for its blog service authentication.

The idea is that your users logs-in a server which identifies them (using cookies on their browser).

Once authenticated, your page (reactive js) makes a request to the authentication authority/server which if confirmed by the user returns an access token which is used to authenticate REST requests going forward.

You could use a third party authentication service, such Google, in which case you can follow this youtube tutorial which walks you through the basics to setting up a Google API project to allow your application to make authentication requests.

Alternatively, you could convert your WordPress server into a OAuth server using an existing plugin such as WP-OAuth Server, and its extensive documentation.

Related Posts:

  1. Does something like is_rest() exist
  2. REST API purpose?
  3. Get post count in wp rest API v2 and get all categories
  4. WP REST API — How to change HTTP Response status code?
  5. WP REST API Is it rather easy to rename the default wp-json uri part?
  6. Search WP API using the post title
  7. Displaying a page built with Elementor using the REST API [closed]
  8. Understanding SHORTINIT with WordPress 5
  9. Does pre_get_posts affect REST API responses?
  10. wordpress wp-json prefix issue
  11. Get blog title with REST v2
  12. Is it possible to nest the JSON result of WordPress REST API?
  13. Filter post_content before loading in Gutenberg editor
  14. Create post using rest api with html content
  15. Trying to get an api request getting error 404
  16. rest_post_query on multiple post types?
  17. Wp Rest Api Custom Endpoint for page subpages
  18. How should an old API version be deprecated gracefully?
  19. WP REST API returns incorrect data?
  20. WP 5.5 Fatal Error – get_rest_controller() in rest-api.php
  21. REST API GET users
  22. Display post title from WordPress excluding a string via API
  23. WP_REMOTE_POST Requests are being blocked by API provider [closed]
  24. wp_get_object_terms() returns invalid taxonomy inside rest_api_init hook
  25. Is it posible to use wp.data.select(‘core’) outside a block?
  26. Can you Use the Rest API to query a custom database table
  27. Is there anyway to format my EndPoint URL in WordPress?
  28. Return WP_Error as WP_REST_Response
  29. Authenticating with REST API
  30. Make authorization mandatory on custom routes
  31. Custom Rest API POST endpoint with conditionally required parameters
  32. What is the meta field in the response of the user REST API?
  33. Is there any way to clear cache when making REST API request?
  34. how to avoid timeouts with remote API requests?
  35. Custom API endpoint to create gallery for post
  36. Register REST route with a multi-value parameter
  37. How do I add meta when creating a post with rest api?
  38. rest_api_init is run on every rest call to endpoint
  39. WordPress + REST API v2 and private pages Load by slug
  40. Change permissions on REST api?
  41. WP-REST create user with custom meta
  42. receive a custom parameter with rest api
  43. PHP: authenticate for a REST request?
  44. Is it Ok to restrict Access-Control-Allow-Origin for /wp-json requests?
  45. Validate rest-api call on create
  46. Authenticate current user to REST API
  47. Get a remote post ID via API given URL
  48. rest api endpoint – accept diacritic characters
  49. Core function to check if a rest namespace exists
  50. WordPress REST API rest_comment_invalid_author Sorry, you are not allowed to edit ‘author’ for comments
  51. How to delete user using rest api without reassigning
  52. Custom WP API endpoint NULL body data
  53. Accessing private posts through REST API, same code that works in remote doesn’t in local
  54. Rest API: trouble receiving response through script (browser and Postman display correctly)
  55. Advanced Access Manager: RESTful endpoint to refresh token
  56. `WP_REST_Controller::get_endpoint_args_for_item_schema` Does Not Set `required` Property from Schema
  57. Extending REST API responses
  58. How would I know if my system using REST api or not?
  59. Error message: Response is not a valid JSON response
  60. How to use query parameters, as “_fields”, to filter data inside an array in the REST API?
  61. WordPress server banning IP
  62. How to display relations via wordpress Rest API
  63. How to add Relations of a CCT from JetEngine via WordPress Rest API
  64. WP Rest_API- Post request for images returns empty
  65. DELETE request using WP REST API
  66. wp_insert_post function and automatic trashing posts once is no longer in API
  67. Fetching WordPress Private Posts, Public Posts Via Default REST API Endpoint
  68. How to deliver webp format of images to WP REST API
  69. register/login api
  70. Got Blank issue for get data from /wp-json/v2/post
  71. How do i POST to WordPress rest API from the same domain?
  72. WP API file_get_contents return TTP request failed! HTTP/1.1 401 Unauthorized
  73. WordPress improve REST API – SHORTINIT not work
  74. Not able to delete media by REST API
  75. Need to get user data via API
  76. REST API retrieving posts from www.sitename.com/category/news/ instead of just just from www.sitename.com
  77. REST API get featured image source for custom post type
  78. Custom rest API route not passing data along
  79. Rest API encoding of double quotes
  80. view counter update in WordPress REST api HTTP get
  81. How to filter wp-json/wp/v2/users response on custom metas?
  82. Paid membership Pro Rest API
  83. Trouble Commenting via the WP REST API using nonces
  84. wp_query json ouput
  85. GET request for media files in WP REST API 2 results in an empty array
  86. Fatal error: Call to undefined function register_rest_route()
  87. WordPress REST API not displaying all information
  88. API wp-json/wp/v2/pages/ returns a different result if page is specified
  89. In Rest API 2.0 is it possible to get some meta fields but not others?
  90. Update post / page using API + python
  91. Calling a Rest API with parameters on button Click
  92. How to cache WordPress oembed links in the page header?
  93. REST API – Authentication/Logon security
  94. WordPress json – How to use the content rendered from json
  95. Subscriber role cann’t add comment meta using REST API
  96. Restrict Image Sizes and Dimensions when Uploading via the WP Mobile App
  97. Can I use the Backbone REST API client outside WordPress?
  98. WordPress REST API function not calling from external site
  99. Issue with API after 6.2 update
  100. Verify user login and password over api