Set up WP Authentication from External API

admin管理员组

文章数量:1277381

There’s an existing non-WP site, and I need their users to be able to log in on my new Wordpress site with the same credentials they already have.

I have been provided with an endpoint (www.example-api/token) and login creds (email and password) which gives out a token (and other details) as the response.

I have been reading on OAuth and most of what I get are resources from problems that are other way around (as in login on a non-WP site using their creds on the WP site). I don’t have access to the other site and I see it needs setting up there so, shall I cross this out?

I’ve stumbled upon overriding the wp_authenticate via a custom plugin, which I’ve already set up but I’m stumped as to what and HOW to even do this.

Any guide or boost for this?

There’s an existing non-WP site, and I need their users to be able to log in on my new Wordpress site with the same credentials they already have.

I have been provided with an endpoint (www.example-api/token) and login creds (email and password) which gives out a token (and other details) as the response.

I have been reading on OAuth and most of what I get are resources from problems that are other way around (as in login on a non-WP site using their creds on the WP site). I don’t have access to the other site and I see it needs setting up there so, shall I cross this out?

I’ve stumbled upon overriding the wp_authenticate via a custom plugin, which I’ve already set up but I’m stumped as to what and HOW to even do this.

Any guide or boost for this?

• api
• authentication

Share Improve this question asked May 31, 2017 at 9:39 SuikaSuika 31311 gold badge22 silver badges1010 bronze badges 2

• There is absolutely no feasible way I currently see without a door from the non-WP site to this effect. Otherwise: where do you have to confirm the credentials submitted by users from the non-WP site on your site are truly correct and corresponds to a given user? Hope you understand! – nyedidikeke Commented May 31, 2017 at 11:17
• 1 I think I didn't made myself clear enough – I had access to an endpoint and also some test data for the email address and password of the accounts I need. I did it though, I'll post it. Thank you for your help! :) – Suika Commented Jun 5, 2017 at 9:58

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 12

Update: Made a blog post to explain this better :)

---

I was able to do this by WP's authenticate filter inside a new plugin; most of which is guided by this tutorial by Ben Lobaugh. Major points on the plugin:

• Make an API call function using cURL (you can get guide codes from Postman upon testing if you don't know already).
• Add filter checking if the response from the call says the user is existent and has access (based on user role in my case).
• Still using the filter, check if the user already has an account on the WP site – if not, create one for them using wp_insert_user. For clarification, I used the email and password verified by the API because WP requires a registered user on its database.
• If the user already exists on the WP database, make sure their credentials are the same using wp_update_user. These are for cases like when they changed their details on the main non-WP website.
• Optionally, add a settings page for the plugin. In my case, I created a field for the Request URL by following this tutorial by Bharat Pareek.

本文标签： Set up WP Authentication from External API