I have a SaaS application/widget, which people can add to their website via an iframe. Is it possible to use wordpress as a single signon point, so that people who login at a wordpress site, are also logged in at my widget? Like a bridge of some sort.
Related
I am attempting to use the Auth0 wordpress plugin to authenticate users from another app (that uses Auth0) into a wordpress knowledge base. I am running into issues configuring and can only seem to get it to protect the back end of Wordpress instead of the front end site.
ie. when a use clicks from our authenticated App (not wordpress) into the docs space (wordpress site on subdomain), we would like them to have to click through the SSO gate before loading the docs page.
First, I am a Wordpress Noob. My company builds custom data dashboards. Our client wants to integrate our dashboard into Wordpress. They use plugins, mainly Gravity forms and WooCommerce, from which the dashboard needs to retrieve data.
The dashboard will be build as a custom page (HTML/JS/CSS) and we plan to served it as a Wordpress static item (like: https://qodeinteractive.com/magazine/add-custom-html-page-to-wordpress/).
Ideally, it would work like this:
the clients' user logs in into Wordpress.
Within the Wordpress environment the user can click a button to open our dashboard.
The dashboard fetches the data from Wordpress / a Wordpress API and displays it.
The complexity starts with the last step, how can we access the data from Wordpress/Gravity forms/WooCommerce. I would prefer it, if the user does not have to login separately into our dashboard, but that the credentials provided in Wordpress can be used.
There are API's available for Wordpress/Ggravity forms/WooCommerce, but I am unsure about the authentication part.
I found something about cookie authentication (https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/#cookie-authentication), but I am not sure if this would work or how this works. The information is related to PHP, while we will be using HTML/JS.
Are there other options available?
I know it is a broad question, but I hope to get some pointers to how to deal with this.
I see that third party Wordpress dashboard tools like ManageWP or InfiniteWP have access to entire Wordpress site by installing theirs plugin on that site.
This way they have admin access to my Wordpress site so they can update plugins, do site backup etc.
How this is possible and is it safe?
As far as my knowledge says, ManageWP has two methods of getting admin access to the wordpress site.
Installing a Worker Plugin
Saving Admin username and password
Once they get the admin access, they view the wordpress dashboard in an iframe inside of the ManageWP panel. The rest of the controls happen via third party plugins installed by the ManageWP.
Coming to your next question about if it is safe, As per this link,
We take security very seriously. We had no security-related incidents in our history (and we’ve been around since 2010).
Their serves run over AWS Infra, so we can be sure that they have a solid server security, but I would still recommend not to host any sensitive data over a website which could control your wordpress site completely via admin panel.
We're building multiple single page apps that all consume the same service based API. One of our requirements is to offer a simple CMS that allows an admin to create marketing pages.
I was able to set up a wordpress instance using the multisite plugin and put it behind our own API. This allows us to use wordpress as a CMS service. We can create pages in the wordpress admin area and then pull the content in using the wordpress rest api plugin.
One of the problems I'm having is to migrate our key, value translation string files into wordpress. We'd like to store them in the database and use wordpress as a place to edit them and then query for them using the rest api plugin. Our translation files are json format and look like this:
{
"LOGIN_LABEL": "Sign In",
"LOGOUT_LABEL": "Sign Out",
"SIGN_UP_LABEL": "Register"
}
Looking for any solutions that would help us use wordpress as a place to store key value pairs, edit them, and do GET requests to pull them in.
I have a Simple PHP Website at www.example.com and I have a wordpress blog at www.example.com/blog/ and both of them have user login pages. I would like the user to logged into the wordpress blog as well when the user logs in using www.example.com login.
Please help
The proper way of doing it is
Create a wordpress plugin
Use the plugin to listen for the wordpress engine initiation
On initiation check for the user session in the browser or in your external application
If a user session is found (assuming your usernames and emails are unique for both systems, so that a single registration is allowed with it) check for a wordpress user with matching username or email
If a wpuser is found, set the current user as that
If no user is found create a new wordpress user and set him as the current user
There are neat API's available for doing this in wordpress. We have used it to integrate wordpress with many external websites, CMS and Social networking sites like Elgg.
You should have a look at the bbPress Integration plugin that does the same thing to integrate WordPress and BBPress forums.
Basically you will simply need to create some cookies on the user browser crypted with the appropriate secret keys.