I am building a PhoneGap application to show posts and other pages. Logged in users can only access these pages. So, I am creating a login system in PhoneGap with the WordPress API. I am using JSON API and JSON API User for the API.
After the username and password are entered in the login form, an authentication cookie is generated by the 'generate_auth_cookie' API and stored in local storage. It is stored as 'wordpress_logged_in_5....'=>'username|1453458845|J500gDe.....'
I am stuck here. Please tell me the next steps after this. Also I need to check that the user is logged in on every API call.
FOR JSON API LOGIN
Method: generate_auth_cookie
First get the nonce: http://localhost/api/get_nonce/?controller=user&method=generate_auth_cookie
Then generate cookie: http://localhost/api/user/generate_auth_cookie/?username=john&password=PASSWORD-HERE
Method: validate_auth_cookie
It needs 'cookie' var.
http://localhost/api/user/validate_auth_cookie/?cookie=admin|43089754375034fjwfn39u8
So when the user sends a login request, you need to create the nonce, then generate the auth cookie, and so on. If all is good, log the user in and save it to your site. Once the user clicks logout, their session will be removed.
You can also set the session from here:
generate cookie for 1 minute: http://localhost/api/user/generate_auth_cookie/?username=john&password=PASSWORD-HERE&seconds=60
60 means 1 minute.
Details:
https://wordpress.org/plugins/json-api-user/other_notes/
OR
TRY - WP REST API V2
http://v2.wp-api.org/
Download the plugin and install it.
https://wordpress.org/plugins/json-rest-api/
Just type /wp-json/wp/v2/posts at the end of your site URL and you will get all posts.
To get all posts:
www.mysite.com/wp-json/wp/v2/posts
For the search functionality - search test post
/wp-json/wp/v2/posts?filter[s]=test
much more details from this link http://v2.wp-api.org/reference/posts/
Note: for best results use the latest version of WP.
So using this you can easily get posts, pages, etc.
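One way to run the per-call login check the question asks for, as an added example that is not from the original posts or the JSON API User plugin: it reads the expiry from the stored 'username|expiration|...' value, then asks validate_auth_cookie. The storage key, the helper names, the injected getJson function and the "valid" response field are assumptions.

```javascript
// Added example. API_BASE is the base URL used in the answer; STORAGE_KEY, the
// helper names and the "valid" response field are assumptions, not plugin code.
const API_BASE = "http://localhost/api";
const STORAGE_KEY = "wp_auth_cookie"; // hypothetical localStorage key

// Split the stored value ("username|expiration|...") into its leading fields.
function parseAuthCookie(value) {
  const parts = String(value || "").split("|");
  const expires = Number(parts[1]);
  if (parts.length < 3 || !parts[0] || !Number.isInteger(expires)) return null;
  return { username: parts[0], expires };
}

// URL for validate_auth_cookie; "|" and other characters are percent-encoded.
function validateUrl(cookie) {
  return API_BASE + "/user/validate_auth_cookie/?cookie=" + encodeURIComponent(cookie);
}

// Run before every API call. store is localStorage-like; getJson(url) is the
// app's HTTP helper and resolves to the parsed JSON body.
async function isLoggedIn(store, getJson, nowSeconds) {
  const cookie = store.getItem(STORAGE_KEY);
  const parsed = parseAuthCookie(cookie);
  let ok = false;
  if (parsed && parsed.expires > nowSeconds) {
    // Locally unexpired: the server still has the final say.
    const res = await getJson(validateUrl(cookie));
    ok = res.status === "ok" && res.valid === true;
  }
  if (!ok) store.removeItem(STORAGE_KEY); // force a fresh login
  return ok;
}
```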
I have a Wordpress website and a Chrome Extension. If the user logs in on the website, I want the Chrome Extension to be aware of that (and vice-versa). The Chrome Extension won't have a login form in it; the user will always log in through the website login form.
When you log in on the website, Wordpress by default sets its authentication cookies to identify the user. What I initially had in mind: I would also like to return some kind of access token, which I would store somewhere where the extension can find it and use it to make authenticated requests to the Wordpress REST API. But.. where do I store it (in a safe manner) so I can find it within the extension?
Perhaps I should try a different approach?
Thank you!
What you could do, the simpler way:
create an Ajax action or a REST API route
as you can read in the documentation, the authentication is cookie-based. So once the user is logged in from the WordPress login form, the authentication cookie is added to your browsing session
without overrides, the cookie will also be forwarded when using JS HTTP queries (eg ajax)
your route could check something like is_user_logged_in() or wp_get_current_user() like available methods. And return the result (among other things if needed) to your plugin JS
you may need to change the WordPress cookie configuration, so they can be accessed from anywhere (any domain), check this.
Better way:
would be to use a plugin like this to implement REST API Oauth2 authentication
user should be able to login directly from the extension window (need development), and then use a refresh token feature to keep the user logged in.
I believe you may also need to update your actual login form; if it's a classic or OAuth REST API login, it should be able to send back the required OAuth token (access and refresh tokens) to the frontend (then stored in local storage or else) to be used by the extension. To prevent having to log in twice.
I am just starting out with using the WP REST API.
For authentication, I use JSON Web Tokens.
The only question I have is how I can give users the possibility to register by themselves, since registering a user also requires an authentication key.
Since the user has not yet logged in, this key cannot yet be retrieved.
I came up with the following two options, but cannot figure out how to do either of them.
The application itself has an authorization key with which the request can be made.
Disabling authentication requirement for user creation.
If I'm looking at this in the wrong way, any answers are welcome!
Thanks!
If your application is a web page then the easiest is to do this separately from the WordPress REST API. WordPress has a web page http://aaa.bbb.ccc/wp-login.php?action=register that allows you to register new users. To enable this web page check the Dashboard -> Settings -> General -> Membership -> 'Anyone can register' option.
If your application is a mobile app then your mobile app can just send the same HTTP request that http://aaa.bbb.ccc/wp-login.php?action=register sends, i.e. a POST request with query parameter action=register and POST parameters user_email, user_login, wp-submit=Register.
If you really insist on doing this using the REST API I think the following will work. (Disclaimer: I have not actually implemented this.)
You will need to override the WordPress REST authentication. First create a new role with the capability 'create_users'. Second create a user with this role. Create a nonce that specifies that a new user is to be registered. When your app returns this nonce and the user credentials to the http://aaa.bbb.ccc/wp-json/wp/v2/users endpoint you should override the WordPress authentication to set the current user to the user you created with the role 'create_users'.
I am creating a mobile app for a WooCommerce website and have gotten to a stage where I want the user to login or signup to the WooCommerce website before they continue with a purchase.
I can create a new customer no problem but I am having trouble when trying to authenticate an existing customer. After looking at the rest api docs for WooCommerce, I haven't come across any endpoint that will allow an existing user to log in to their account. Is there any endpoint that will allow me to do this that isn't documented?
There might be other ways but what comes to my mind immediately is to use JWT Authentication for WP REST API plugin.
Using this plugin you can request for authentication on the server using the username and password. It will return a token if successful. Then use the token for checking if this user/customer is valid. If valid, use wc api to create an order for this customer.
I'm using Wordpress + WooCommerce in combination with the WP-API as a backend for my mobile ecommerce App.
My goal is to offer some social login (via Facebook, Twitter, Google etc.) within the app to register/login and then use the WooCommerce API to receive e.g. all the orders of that authenticated user.
Currently my plan is:
1. Use some client SDK so that the user e.g. can login using his FB account
2. From step 1 I get e.g. the user's name, email and FB ID which is sent to a custom endpoint for adding the user to the WordPress DB (like https://github.com/royboy789/wp-api-social-login)
3. Create a custom endpoint for orders with WP-API (e.g.: .../orders)
4. Inside the endpoint function check whether the user is authenticated
5. If user is authenticated, the endpoint returns the user's orders using a WooCommerce API wrapper (https://github.com/kloon/WooCommerce-REST-API-Client-Library)
But I'm struggling at #3 because I don't really know how to check whether the user is authenticated.
I thought about creating another endpoint that will contact the OAuth authorization server to check the user’s credentials using e.g. Facebook's access token. And if the check is valid, I would create a custom Access Token for my API using some hashing of the userID, email etc. which is sent back to the client app. Then this Access Token is used for every call to my API which then reads out the User ID from the hashed token and returns e.g. all the orders for this User.
But somehow this feels just not right. Especially because this way I'd create an endless living Access Token...
Once you have done #2, the HTTP response from WP will include the auth cookie: see https://github.com/royboy789/wp-api-social-login/blob/master/inc/social-routes.php#L31 in the sample pointed to by the question.
Not sure what HTTP library you are using in the app but if you save the cookies received in the response and just reuse them in all subsequent requests to the server then authentication should be taken care of: you won't need an extra check/access point, as the login/registration automatically logs the user in, and the standard WP cookie checks take care of the verification on new requests.
I have a wordpress page from which I am trying to create a post using the WP AJAX REST API. My expectation is that if the user is already logged in the auth cookie will be in place and I'll be able to do the AJAX POST with the user's context. Yet I'm getting an error that the user is not authorized. What am I missing? Thanks
This plugin is not kept up to date but adding a new post should work as follows:
1. Go to Settings -> JSON API and activate the posts controller
2. Get the nonce:
http://www.example.com/?json=core.get_nonce&controller=posts&method=create_post&callback=?
3. Grab the nonce from the response. The response should be:
?({"status":"ok","controller":"posts","method":"create_post","nonce":"38nonce84"})
4. Post a post:
www.example.com/?json=posts.create_post&nonce=383nonce84&title=newpost&content=blahblabh&status=publish
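The nonce-then-post sequence above as an added example, not code from the JSON API plugin or the original answer: it parses the get_nonce reply (including the JSONP wrapper shown), checks that the nonce was issued for posts/create_post, and builds the step 4 URL with encoded values. extractNonce and createPostUrl are hypothetical helper names, and the sample reply is constructed from the format quoted in the answer.

```javascript
// Added example; extractNonce and createPostUrl are hypothetical helper names.

// Parse the get_nonce reply, with or without a JSONP wrapper such as ?({...}).
function extractNonce(body, controller, method) {
  const start = body.indexOf("{");
  const end = body.lastIndexOf("}");
  if (start < 0 || end < start) throw new Error("no JSON object in response");
  const data = JSON.parse(body.slice(start, end + 1));
  // Only accept a nonce issued for the call we are about to make.
  if (data.status !== "ok" || data.controller !== controller || data.method !== method) {
    throw new Error("unexpected get_nonce response");
  }
  if (typeof data.nonce !== "string" || data.nonce === "") {
    throw new Error("missing nonce");
  }
  return data.nonce;
}

// Build the create_post URL from step 4, percent-encoding every value so that
// "&" or "=" inside a title or body cannot add or override parameters.
function createPostUrl(site, nonce, post) {
  const params = new URLSearchParams({ json: "posts.create_post", nonce, ...post });
  return site.replace(/\/+$/, "") + "/?" + params.toString();
}

// Constructed sample reply in the format quoted in the answer.
const sampleReply =
  '?({"status":"ok","controller":"posts","method":"create_post","nonce":"38nonce84"})';
const demoUrl = createPostUrl(
  "http://www.example.com",
  extractNonce(sampleReply, "posts", "create_post"),
  { title: "new post & more", content: "a=b", status: "publish" }
);
```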