WooCommerce Rest API - how to authenticate customers? [duplicate] - woocommerce

I am creating a mobile app for a WooCommerce website and have gotten to a stage where I want the user to login or signup to the WooCommerce website before they continue with a purchase.
I can create a new customer no problem but I am having trouble when trying to authenticate an existing customer. After looking at the rest api docs for WooCommerce, I haven't come across any endpoint that will allow an existing user to log in to their account. Is there any endpoint that will allow me to do this that isn't documented?

There might be other ways, but what comes to my mind immediately is to use the JWT Authentication for WP REST API plugin.
Using this plugin you can request authentication on the server using the username and password. It will return a token if successful. Then use the token to check whether this user/customer is valid. If valid, use the WC API to create an order for this customer.

Related

WP REST API - User registration without authentication

I am just starting out with using the WP REST API.
For authentication, I use JSON Web Tokens.
The only question I have is how I can give users the possibility to register by themselves, since registering a user also requires an authentication key.
Since the user has not yet logged in, this key cannot yet be retrieved.
I came up with the following two options, but cannot figure out how to do either of them.
1. The application itself has an authorization key with which the request can be made.
2. Disabling authentication requirement for user creation.
If I'm looking at this in the wrong way, any answers are welcome!
Thanks!
If your application is a web page then the easiest is to do this separately from the WordPress REST API. WordPress has a web page http://aaa.bbb.ccc/wp-login.php?action=register that allows you to register new users. To enable this web page check the Dashboard -> Settings -> General -> Membership -> 'Anyone can register' option.
If your application is a mobile app then your mobile app can just send the same HTTP request that http://aaa.bbb.ccc/wp-login.php?action=register sends, i.e. a POST request with query parameter action=register with POST parameters user_email, user_login, wp-submit=Register.
If you really insist on doing this using the REST API, I think the following will work. (Disclaimer: I have not actually implemented this.)
You will need to override the WordPress REST authentication. First, create a new role with the capability 'create_users'. Second, create a user with this role. Create a nonce that specifies that a new user is to be registered. When your app returns this nonce and the user credentials to the http://aaa.bbb.ccc/wp-json/wp/v2/users endpoint, you should override the WordPress authentication to set the current user to the user you created with the role 'create_users'.

Is there any way to programmatically authenticate customers in Shopify?

We have a custom app hosted in Firebase (Google's Backend as a service). We would like to use Shopify's authentication so the user doesn't have to create an account in the app as well as the Shopify store (where we require accounts).
The key: I need to have some mechanism (like an API) that I can use to have Shopify authenticate a user. (Assume the customer has already created an account in the Shopify store. Account creation will be handled by the normal Shopify process.)
I can create a page in my app to ask for email / pass. Is there some way to send this info (perhaps along with some sort of token generated from a private app) to authenticate the customer? I just need Shopify to confirm whether the email / pass is correct, so I can then 'login' the user into my Firebase app.
Any direction / thoughts / suggestions are greatly appreciated.
PS. Firebase offers a 'custom authentication' option, along with email, Google+, Facebook. The custom auth option requires sending user / pass to the authentication server, which in this case, would be Shopify.
EDIT: Based on the responses, edited to clarify that I need some way to authenticate the user in Shopify. Handling the custom auth into Firebase seems like a fairly straightforward task, once I receive some sort of signal from Shopify telling me the users email / pass is valid.
This is a classic use case for custom Auth with Firebase. You send email/pass to your backend, authenticate with Shopify, on success create a custom token with the user's id (most likely using Shopify's user id), and send it back to the client, which would call signInWithCustomToken to sign in to Firebase.

1. Customer logs in to Shopify
2. Logged in Customer has an ID
3. Use App Proxy in your App to accept this ID using a secure callback
4. Use the Shopify API to look up the customer with the secure ID
5. If customer is found, they are then authentic and can use your App
Why is that not a useful and simple pattern for you to use?

You should take a look at Shopify Multipass. However, you need Shopify Plus, which is very expensive.
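The "secure callback" in the App Proxy answer above depends on checking the HMAC-SHA256 `signature` that Shopify attaches to proxied requests before trusting the `logged_in_customer_id` they carry. The following is an added example of that check in Node.js, not code from the thread; the shared secret, shop name, path prefix and customer ID are constructed placeholders.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Canonical string Shopify signs for app-proxy requests: every parameter except
// "signature" rendered as key=value (repeated values joined with ","), sorted,
// then concatenated with no separator.
function canonicalize(params) {
  const grouped = new Map();
  for (const [key, value] of params) {
    if (key === "signature") continue;
    grouped.set(key, [...(grouped.get(key) || []), value]);
  }
  return [...grouped].map(([k, v]) => `${k}=${v.join(",")}`).sort().join("");
}

function sign(params, sharedSecret) {
  return createHmac("sha256", sharedSecret).update(canonicalize(params)).digest("hex");
}

// Returns the logged-in customer ID only when the signature checks out,
// otherwise null. An empty logged_in_customer_id means nobody is logged in.
function verifiedCustomerId(queryString, sharedSecret) {
  const params = new URLSearchParams(queryString);
  const given = Buffer.from(params.get("signature") || "", "utf8");
  const expected = Buffer.from(sign(params, sharedSecret), "utf8");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  return params.get("logged_in_customer_id") || null;
}

// Constructed sample request (placeholder shop, secret and customer ID).
const SECRET = "example-shared-secret";
const unsigned = new URLSearchParams({
  shop: "example-shop.myshopify.com",
  path_prefix: "/apps/example",
  timestamp: "1700000000",
  logged_in_customer_id: "1234567890",
});
const signedQuery = `${unsigned}&signature=${sign(unsigned, SECRET)}`;
// Same request with the customer ID altered after signing.
const forgedQuery = signedQuery.replace("1234567890", "1234567891");

console.log(verifiedCustomerId(signedQuery, SECRET));
console.log(verifiedCustomerId(forgedQuery, SECRET));
```

Only after this check passes should the backend look the customer up through the Shopify API and mint the Firebase custom token.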

woocommerce validate user name and password via rest api

I am developing an android app for an eCommerce site that is built in wp-woocommerce.
I really don't know much about wp.
I have read http://woothemes.github.io/woocommerce-rest-api-docs/ and have developed almost all of the Android app, but I was unable to find a way to validate the username and password of the customer via the REST API.
I just want to pass the username and password and expect the result as pass or fail.
Thanks in advance for your kind help.
Unfortunately, the WooCommerce REST API doesn't deal with login/logout (customers), as they are treated as WordPress users with CUSTOMER roles.
The API KEY and SECRET are for your app to fetch data such as products, orders, etc. You have to use WordPress API login methods to access user information and sign up new users/customers.
WordPress REST API / Auth
If you prefer to use JWT, there are many plugins in the plugins repo. I have used this one: Simple JWT Login – Login and Register to WordPress using JWT, and it works well.

Authenticate custom WP API endpoint with social login (OAuth)

I'm using Wordpress + WooCommerce in combination with the WP-API as a backend for my mobile ecommerce App.
My goal is to offer some social login (via Facebook, Twitter, Google etc.) within the app to register/login and then use the WooCommerce API to receive e.g. all the orders of that authenticated user.
Currently my plan is:
Use some client SDK so that the user e.g. can login using his FB account
From step 1 I get e.g. the users name, email and FB ID which is sent to a custom endpoint for adding the user to the Wordpress DB (like https://github.com/royboy789/wp-api-social-login)
Create a custom endpoint for orders with WP-API (e.g.: .../orders)
Inside the endpoint function check whether the user is authenticated
If user is authenticated, the endpoint returns the user's orders using a WooCommerce API wrapper
(https://github.com/kloon/WooCommerce-REST-API-Client-Library)
But I'm struggling at #3 because I don't really know how to check whether the user is authenticated.
I thought about creating another endpoint that will contact the OAuth authorization server to check the user’s credentials using e.g. Facebook's access token. And if the check is valid, I would create a custom Access Token for my API using some hashing of the userID, email etc. which is sent back to the client app. Then this Access Token is used for every call to my API which then reads out the User ID from the hashed token and returns e.g. all the orders for this User.
But somehow this feels just not right. Especially because this way I'd create an endless living Access Token...
Once you have done #2, the HTTP response from WP will include the auth cookie: see https://github.com/royboy789/wp-api-social-login/blob/master/inc/social-routes.php#L31 in the sample pointed to by the question.
Not sure what HTTP library you are using in the app but if you save the cookies received in the response and just reuse them in all subsequent requests to the server then authentication should be taken care of: you won't need an extra check/access point, as the login/registration automatically logs the user in, and the standard WP cookie checks take care of the verification on new requests.
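On the lifetime concern raised in the question above: a server-issued token can carry its expiry inside the signed payload, so it stops being accepted without the server keeping any per-token state. The following is an added example, not code from the thread and written in JavaScript rather than as WordPress PHP, of an HS256-signed token with an `exp` claim; the secret, user IDs and timestamps are constructed.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");

function hs256(signingInput, secret) {
  return createHmac("sha256", secret).update(signingInput).digest("base64url");
}

// Issue a token for userId that stops being valid ttlSeconds after nowSeconds.
function issueToken(userId, secret, nowSeconds, ttlSeconds) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const claims = { sub: String(userId), iat: nowSeconds, exp: nowSeconds + ttlSeconds };
  const payload = b64url(JSON.stringify(claims));
  return `${header}.${payload}.${hs256(`${header}.${payload}`, secret)}`;
}

// Returns the user ID, or null when the token is malformed, carries a bad
// signature, names another algorithm, or has reached its expiry time.
function verifyToken(token, secret, nowSeconds) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  const expected = Buffer.from(hs256(`${header}.${payload}`, secret));
  const given = Buffer.from(signature);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const { alg } = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
    if (alg !== "HS256") return null;
    if (typeof claims.exp !== "number" || nowSeconds >= claims.exp) return null;
    return claims.sub;
  } catch {
    return null;
  }
}

// Constructed sample values: a 15-minute token for user 42.
const SECRET = "example-signing-secret";
const NOW = 1700000000;
const token = issueToken(42, SECRET, NOW, 900);
// Payload of another user's token spliced onto user 42's signature.
const [h, , s] = token.split(".");
const forged = [h, issueToken(43, SECRET, NOW, 900).split(".")[1], s].join(".");

console.log(verifyToken(token, SECRET, NOW + 60));
console.log(verifyToken(token, SECRET, NOW + 900));
console.log(verifyToken(forged, SECRET, NOW + 60));
```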
