This showed up as a notification due to the upvote. Here’s how I solved it. The endpoint coded in the app that I am supposed to authenticate with prepares the token. The token has to be in the specified format. It then should be base 64 encoded and hash encrypted. The wp_init handler should be … Read more
Update: Made a blog post to explain this better 🙂 I was able to do this by WP’s authenticate filter inside a new plugin; most of which is guided by this tutorial by Ben Lobaugh. Major points on the plugin: Make an API call function using cURL (you can get guide codes from Postman upon … Read more
There should be no problem with any normal WordPress-vBulletin bridge which syncs user data between the two platforms. Just make sure that synced users have the default role of “Subscriber”. This allows them to only post comments, and not to create or edit posts.
The variable $interim_login is TRUE when the log-in session of a user expires while she is working in the back end, for example during an auto-save action. In this case a message asking to log in again appears at the bottom of the editor: The same can happen in the theme customizer. The $_REQUEST variable … Read more
This is just a modification of timshutes’ answer – if you want specific pages to require login and don’t want to put them into a custom post type, you can add to functions.php: add_shortcode(‘need_login’, ‘shortcode_needLogin’); function shortcode_needLogin() { if (!is_user_logged_in()) { auth_redirect(); } } And then at the top of the pages you want to … Read more
WordPress already has an API built in via an XMLRPC server. Meaning, you can make an XMLRPC request from your java app and verify a username/password. Unfortunately, there’s no way to just authenticate through it as is. That said, it’s very easy to roll your own. Just hook into xmlrpc_methods, a filter, and add yours. … Read more
Easy enough, decided to just do the redirect option. I used the wp_login action hook. You could also probably use this for redirecting your users to ANY page on your website. You can also check user capabilities from the $user Object passed in as a function parameter if you want to send different user levels … Read more
Cross-site Scripting Issues You cannot transfer WP auth cookies between domains. You also don’t want to store plaintext passwords for logging into another WP installation programmatically. So, you’ll have to have users log into WordPress, and then access their login status via an API endpoint from the third-party site. This lets WordPress handle all the … Read more
Let’s go step by step here. Looks like you’re trying to use OAuth just for authentication, but before you can do so you need to get the Access Token which will be used to authenticate when you make your API calls. Because this is using OAuth version 1, in order to obtain the Access Token … Read more
Why JWT authentication I’m building a site that uses WordPress as the back-end, and a React+Redux app as the front-end, so I’m pulling all the content in the front-end by making requests to the WordPress API. Some requests (mainly, POST requests) must be authenticated, which is when I came across JWT. What we need To … Read more