I am sturggling with how authentication works in my scenario.
I have Wordpress site which provides set of custom APIs secured behind oAuth2 Authentication using Wp OAuth Server plugin.
I started with building simple custom endpoint by extending WP REST API (WP API) plugin. I setup up my endpoint as POST /api/v1/projects, where my callback function is even more simple,
function create_projects() {
// my code to create new project
return ['code'=>201, 'message'=>'project created'];
}
So far so good. This API is available and I can get the list of projects using POSTMAN Chrome Extension.
The part where I am having issues is to implement authentication. So only authenticated users are able to comsume this api. How can I setup authentication and which authentication will suit me in this scenario where my wordpress site is hosting the projects and only authenticated users will be able to create new projects on my site using the API i provided as above.
Can someone please point me to right direction?
Update#1
I have manage to implement oAuth2 Authentication and will answer my question when I have a time. In case you are interesting in knowing how to do it, drop me a comment
I am sturggling with how authentication works in my scenario.
I have Wordpress site which provides set of custom APIs secured behind oAuth2 Authentication using Wp OAuth Server plugin.
I started with building simple custom endpoint by extending WP REST API (WP API) plugin. I setup up my endpoint as POST /api/v1/projects, where my callback function is even more simple,
function create_projects() {
// my code to create new project
return ['code'=>201, 'message'=>'project created'];
}
So far so good. This API is available and I can get the list of projects using POSTMAN Chrome Extension.
The part where I am having issues is to implement authentication. So only authenticated users are able to comsume this api. How can I setup authentication and which authentication will suit me in this scenario where my wordpress site is hosting the projects and only authenticated users will be able to create new projects on my site using the API i provided as above.
Can someone please point me to right direction?
Update#1
I have manage to implement oAuth2 Authentication and will answer my question when I have a time. In case you are interesting in knowing how to do it, drop me a comment
Share Improve this question edited Aug 18, 2015 at 8:44 Ghazanfar Mir asked Jul 27, 2015 at 13:50 Ghazanfar MirGhazanfar Mir 1631 gold badge2 silver badges10 bronze badges2 Answers
Reset to default 1You will have to follow the details from the developers website located here. (FYI, I am one lead on the project). Basically, what is boils down to, is that you are going to create a client in WP OAuth Server and give the details to your authenticated users. Your users would then setup using the grant type of "password" (user credentials). This is not ideal but will get you to a place your can expand the framework.
If you feel like getting your hands dirty, you can add a custom meta field to your user accounts that will say if they are allowed to access the data or not. Then, every time a user authenticates, you can either allow them access to WP OAuth Server or block access based on if their account has the correct meta value or not.
I am using this plugin https://garazlab/product/wp-oauth-sso-multiple-wordpress-user-sync/ for oauth2 and SSO. you can try it also.
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1744955810a4603183.html
评论列表(0条)