How to connect an Android app with a WordPress website?

After a lot of searching on the internet, I found that to connect an Android application with a WordPress website I have to use a JSON API. On my website, users are able to register or log in to their unique account (like on Facebook, Gmail, Twitter, etc.). The problem I am facing is that I cannot understand how to link the data between the website and the Android app so that users will be able to use both of them with the same account. The problem is that in my JSON API user passwords are stored in hashed form, something like that:

{
    1: {
        ID: 1,
        user_login: user1,
        user_pass: $P$BT6.fyjiaKZVEx/jM8sy5kC4QRkizg.,
        user_nicename: user-1,
        user_email: [email protected],
        user_url: http://localhost/MyWebsite,
        user_registered: 2021-10-27 21:29:02,
        user_activation_key: ,
        user_status: 0,
        display_name: User 1
    },
    2: {
        ID: 2,
        user_login: user2,
        user_pass: $P$BArUGOBZAJfD1J3sE8OgRA3Bk1Ynfg/,
        user_nicename: user-2,
        user_email: [email protected],
        user_url: ,
        user_registered: 2021-10-31 18:31:32,
        user_activation_key: ,
        user_status: 0,
        display_name: User 2
    }
}

So, is there a way to connect those data with the application?



Out of the box, there is no mechanism for a user to log in via the REST API to begin a session without pre-configured access. WordPress Core provides 2 authentication methods for the REST API:

  • cookies + nonces
  • application passwords

Likewise, there is no mechanism for registering for an account via the REST API; user creation requires authenticated requests from a user with admin access. Note that making such requests carries risk: you do not want those kinds of credentials being used in your application, as it would make your site extremely easy to hack.

You might be able to do this via third-party authentication plugins, however.

https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/#authentication-plugins

There are also plugins that try to fill this gap, though I cannot recommend them here as recommendations are off topic here, and any recommendation would be quickly out of date.

> The problem is that in my JSON API user passwords are stored in hashed form, something like that:

Exposing hashed passwords is dangerous; exposing plaintext passwords is even more dangerous. Both would be considered a data breach. Storing plaintext passwords would be seen as gross negligence and would make your app fail many forms of compliance. It could be illegal to offer your application in some countries if plaintext passwords were used.

The user_pass is of no use to you here, and its presence in your example implies that you've given your application an alarming level of access to your site.
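The following is an added example, not part of the original question or answer: a small audit helper that walks a JSON response from a custom endpoint and reports any `user_pass` / `user_activation_key` fields or values shaped like password hashes, so a leak such as the dump in the question can be caught in a test before release. The function names and sample payloads are constructed for illustration; the hash patterns cover the `$P$` form shown in the question plus bcrypt as an assumed second format.

```python
import json
import re

# Columns of the wp_users table that must never leave the server.
SENSITIVE_KEYS = {"user_pass", "user_activation_key"}

# Password-hash shapes: phpass portable hashes ("$P$" + 31 chars, the form
# seen in the question's dump) and bcrypt (assumed additional format).
HASH_RE = re.compile(
    r"^(\$P\$[./0-9A-Za-z]{31}|\$2[aby]\$\d{2}\$[./0-9A-Za-z]{53})$"
)


def find_leaks(node, path="$"):
    """Walk decoded JSON and return (path, reason) for every leak found."""
    leaks = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in SENSITIVE_KEYS:
                leaks.append((child, "sensitive key"))
            leaks.extend(find_leaks(value, child))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            leaks.extend(find_leaks(value, f"{path}[{i}]"))
    elif isinstance(node, str) and HASH_RE.match(node):
        # Catches hashes even when the field has been renamed.
        leaks.append((path, "password hash value"))
    return leaks


def audit_response(body):
    """Parse a response body and list everything that should not be in it."""
    return find_leaks(json.loads(body))


# Constructed sample payloads (hash values are placeholders, not real hashes).
LEAKY = json.dumps({
    "1": {"ID": 1, "user_login": "user1",
          "user_pass": "$P$B" + "a" * 30, "display_name": "User 1"},
    "2": {"ID": 2, "secret": "$P$B" + "b" * 30},
})
SAFE = json.dumps([{"id": 1, "name": "User 1", "slug": "user-1"}])

if __name__ == "__main__":
    for label, body in (("leaky", LEAKY), ("safe", SAFE)):
        print(label, audit_response(body))
```

Run against each endpoint's response in CI and fail the build when the returned list is non-empty.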
