How to use my wordpress site as an OAuth server? - wordpress

I have an app, and I want to enable users to log in to the app using my WordPress site's user info. So the user clicks on the sign-in button, and a new window pops up, opened by the WordPress site. After the user inputs the username and password of my WordPress site, the user should log in to the mobile app.
So I need my WordPress site to behave like an OAuth server. How could I achieve it, and how do I invoke the OAuth APIs?

You need to use WP OAuth server in your WordPress website and additionally a plugin that enables APIs for your WordPress site.
For the OAuth server plugin, check the link below:
https://wordpress.org/plugins/oauth2-provider/
It works with WP REST API/ JSON API and provides access protected endpoints via OAuth2.

If you want to use WordPress website authentication and users in your application, you need an OAuth server on your WordPress website. This is our product: https://lana.codes/product/lana-passport/
If the user clicks the Single Sign On button (and is not logged in to the WordPress site), the WordPress login interface will appear where the user can authenticate.
Once you have the authentication, you have access to the /resource endpoint, which returns user data according to the scope.
Note: you have to create a Single Sign On solution for your app (it will be an OAuth client), which is connected to the endpoints of the WordPress OAuth server.
So in summary:
the WordPress website needs an OAuth server
the app needs an OAuth client

Related

SSO and rest API request in one go

I'm using Centrify as my IdP with SAML SSO wordpress plugin to authenticate users on my intranet. This works fine.
However, I would now like to make a POST API call from the intranet back to Centrify to pull some data to display on my WordPress site.
Is it possible to configure Centrify so that it passes something like a .ASPAUTH cookie to the WordPress site so that I can use it to make API calls?
If WordPress is passing the user to Centrify to log in (SAML), when the user comes back to WordPress the .ASPXAUTH token is already set as a cookie in the browser. You can't access it in code, but if you make browser (CORS) calls to Centrify APIs, the browser will automatically pass the cookie to Centrify without you needing to manage it or pass it manually. These calls would need to be made in the browser (JavaScript), not from the server (PHP).
You will need to go into your Centrify admin portal, navigate to settings > Authentication > Security Settings > Specify trusted DNS domains for API calls and add the domain of the site that will be calling the Centrify API's. This is to trust the domain for CORS.
An easy test is to add a small amount of code to the browser code that does a simple post to https://tenant.my.centrify.com/security/whoami. No JSON needs to be passed to this call. This will simply respond telling you if we see the user as authenticated.
Please let me know if you have any other questions and do not hesitate to reach out to devsupport#centrify.com.
Thank you,
Nick Gamb
Sr. Manager, Developer Relations and Product Management
Centrify Corporation

What's the best practice to only allow another tomcat webapp redirects link to Wordpress?

I want to add access rights to WordPress. Only users who have already logged in to the application on Tomcat should be able to access WordPress.
Application(tomcat, not in AWS) ----allow access---> Wordpress (AWS)
External users cannot access Wordpress.
You can achieve this by using the WP REST API. After verifying Tomcat user authentication, if successful, redirect to the WordPress site.
Finally, I used the JWT (https://jwt.io/) approach with the RSA algorithm.
The Tomcat side generates the token and redirects to the WordPress URL with the token.
Write a customized WordPress plugin to verify the token.
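
The verification step described in this thread, sketched as an added example; it is not the poster's plugin. The SSO_PUBLIC_KEY_PEM constant, the sso_token query parameter, the iss/aud values and the mapping of the sub claim to a WordPress login are all assumptions made for illustration.

```php
<?php
// Added example. SSO_PUBLIC_KEY_PEM, "sso_token", the iss/aud values and the
// sub-to-login mapping are assumptions, not names from the original thread.

function sso_b64url_decode(string $s) {
    $pad = (4 - strlen($s) % 4) % 4;
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', $pad), true);
}

// Returns the verified claims, or null if the token must be rejected.
function sso_verify_jwt(string $jwt, string $pem, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h64, $p64, $s64] = $parts;
    $header = json_decode((string) sso_b64url_decode($h64), true);
    $claims = json_decode((string) sso_b64url_decode($p64), true);
    $sig    = sso_b64url_decode($s64);
    // Pin the algorithm; never let the token header choose it ("none", HS256).
    if (!is_array($header) || !is_array($claims) || !is_string($sig)
        || ($header['alg'] ?? null) !== 'RS256') {
        return null;
    }
    // openssl_verify() returns 1, 0 or -1, so compare strictly against 1.
    $key = openssl_pkey_get_public($pem);
    if ($key === false || openssl_verify("$h64.$p64", $sig, $key, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    // Claims are read only after the signature check; the token travels in a URL, so exp must be short.
    $exp   = $claims['exp'] ?? null;
    $fresh = is_int($exp) && $exp >= $now;
    $ours  = ($claims['iss'] ?? null) === 'tomcat-app' && ($claims['aud'] ?? null) === 'wordpress';
    return ($fresh && $ours) ? $claims : null;
}

// Front-end requests only: visitors without a session need a valid token.
add_action('template_redirect', function () {
    if (is_user_logged_in()) {
        return;
    }
    $claims = sso_verify_jwt((string) ($_GET['sso_token'] ?? ''), SSO_PUBLIC_KEY_PEM, time());
    $user   = $claims ? get_user_by('login', (string) ($claims['sub'] ?? '')) : false;
    if (!$user) {
        wp_die('Forbidden', '', ['response' => 403]);
    }
    wp_set_auth_cookie($user->ID);
    wp_safe_redirect(remove_query_arg('sso_token')); // drop the token from the URL
    exit;
});
```

Only the RSA public key is stored on the WordPress side; the private key stays with the Tomcat application that issues the tokens.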

Is there a Wordpress oauth2 client plugin that will work Laravel Passport as the oauth2 service provider?

I have 2 sites, site A (Main Site) & site B (Wordpress woocommerce site). I would like my users to sign-in to site B using their Site A username and password. I have setup Oauth2 provider using Laravel passport that site A uses to authenticate users to site A. I'd like to do the same on site B. Is there an existing Wordpress plugin that will help me implement single sign on with my Oauth2 server that I've setup?
WordPress plugins for oauth2
Example for WordPress as a server or identity provider allowing WordPress users to authenticate on a 3rd party client, https://wordpress.org/plugins/oauth2-provider/
Example for WordPress as a client replacing WordPress login with a 3rd party identity provider, https://auth0.com/wordpress
Laravel core includes the Passport oauth2 server from thephpleague, which would serve as a starting point for a custom integration.
Server - https://github.com/thephpleague/oauth2-server
Client - https://github.com/thephpleague/oauth2-client
Example for 3rd party API authentication without impact to WordPress auth, https://www.smashingmagazine.com/2016/03/making-a-wordpress-plugin-that-uses-service-apis/
Please update and comment with alternatives not listed!

How to add a facebook and google login button without creating app id?

I am new to WordPress, and I am designing a website that needs social login buttons.
I have found some plugins, and also used the developers.facebook.com login button, but it is not working with my localhost server. I have also used the Like button from the same site, and it is working properly.
Same problem is happening with google+. Am I missing something?
Please reply soon..
Thank you!
You can't implement social login w/o appID in its services, it's public but not transparent.
To enable social login you will need a valid callback URL, so app will know where to redirect user after successful auth. This part is pain in the ass, because you don't have domains at development stage. Plus you will need to configure cookies / sessions to handle authentication at valid domain scope.
If you want to properly configure oAuth or other auth service - do it on isolated production server.

Windows and anonymous authentication side by side

I need help on authenticating users based on their location. The problem is this: If the users come to the web site out of domain then the user must fill a login page and the credentials he provided must be authenticated from a custom credential store. If the user is an Active Directory user, he must be directed to the resource he wants without asking for credentials.
If I enable both Anonymous Auth and Windows Auth for the web server, Anonymous Auth comes first and even if the user is an Active Directory user I can't access his domain information.
Anyone can help?
One way I know is to set a single page, like AdLogin.aspx, to deny anonymous users and have that page log them into the Forms Authentication module. You then have to create a custom 401 error page that redirects to your Forms login page from your AdLogin. The one thing I don't like is that AD users try to login through the Forms login page all of the time, and it's hard to bookmark the AdLogin page because it just does an automatic redirect. I also don't like that it's so dependent on a custom IIS configuration.
See my answer here for details: ASP.NET Application to authenticate to Active Directory or SQL via Windows Authentication or Forms Authentication
How about publishing the website with 2 different web applications?
You could configure the internal one to use Windows Auth, and the external one to use Anonymous. If the user requests a site that requires auth, you allow them to authenticate.
You can also post a "Login" link on your (external) webpage, that will allow the user to manually log in on the external site. But if you allow a page to use anonymous, then you have to consider that you won't know who the user is currently.
