OAuth 2 and saving the authenticated user

I have quite a peculiar scenario.

I have one WordPress site (Site A) where I have a large number of users that have registered and I use the s2member plugin to subscribe these members to allow access to parts of the website.

I want to release another product that users need to subscribe separately for but a limitation with the s2member plugin means that I can't have two subscriptions for one user at the same time.

I've come to the conclusion that I need to make another WordPress site (Site B) (with its own instance of s2member) and have my users register there for the additional subscription to access the product.

My aim is to make the process of bouncing back between the two WordPress sites as simple as possible and try to remove the need to re-register on Site B. I want people to register on Site A, then be able to log in to Site B with their login details from Site A.

I've looked at WPMUDev's User Sync plugin but the problem with this is that it will pull all of the s2member data for a user as well as everything else, which I don't want.

So I started looking at using Site A as an OAuth provider and authenticating with that on Site B. I have this working and I can create the logged-in session and get all of the user's details (minus the sensitive information of course) on Site B.

This is looking really promising up until the point where I need to give that newly authenticated user on Site B an s2member profile, so they can subscribe to my new product. I can't do this unless they are officially registered as a User on Site B and I can't register the user with their password from Site A because 1) I don't want to send that information through HTTP (or HTTPS) and 2) if they update their password on Site A, it won't update on Site B.

This brings me to my million dollar question: how would you register/save a user without a password to my Site B once they have authenticated with Site A?

If you see any other possibilities with the situation I've explained, I am open to suggestions.

Thanks.



It seems like you are insisting on making your life difficult. Implementing any type of API is error-prone even for the best of developers, and real-time sync can fail due to network errors, bugs etc., and I would be very hesitant before selecting such an option.

Using a network is probably the best option for several reasons, but if you feel like it does not fit your needs, your other best alternative is to simply connect directly to the DB of Site A to get the relevant information. In a way it is a variation on the API idea, but since it has only one authoritative source for the data and you will use battle-tested protocols to retrieve the info, the chances of successful implementation are much higher.
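
For the question's own approach (Site B keeps authenticating against Site A over OAuth), the following is an added example, not code from the question or the answer, of creating a password-less local account on Site B. The `$profile` array keys, the `site_a_user_id` meta key and the function name are assumptions made for illustration.

```php
<?php
// Added example; runs inside WordPress on Site B after the OAuth exchange.
// Assumption: $profile is the user record fetched from Site A, with
// hypothetical keys 'id', 'user_login' and 'user_email'.
const SITE_A_ID_META = 'site_a_user_id'; // hypothetical meta key

function siteb_login_from_site_a( array $profile ) {
    $remote_id = (string) absint( $profile['id'] ?? 0 );
    if ( '0' === $remote_id ) {
        return new WP_Error( 'bad_profile', 'Site A profile has no user id.' );
    }
    // Match on Site A's stable user id, never on e-mail or login name, so a
    // change of either on Site A cannot map onto another Site B account.
    $matches = get_users( array(
        'meta_key'   => SITE_A_ID_META,
        'meta_value' => $remote_id,
        'number'     => 2,
        'fields'     => 'ID',
    ) );
    if ( count( $matches ) > 1 ) {
        return new WP_Error( 'ambiguous_link', 'Site A id is linked twice.' );
    }
    if ( $matches ) {
        $user_id = (int) $matches[0];
    } else {
        $email = sanitize_email( $profile['user_email'] ?? '' );
        if ( ! is_email( $email ) || email_exists( $email ) ) {
            // Refuse to attach silently to an existing local account.
            return new WP_Error( 'email_conflict', 'E-mail missing or already registered.' );
        }
        $user_id = wp_insert_user( array(
            'user_login'   => 'sitea_' . $remote_id, // derived, collision-free login
            'user_email'   => $email,
            'display_name' => sanitize_text_field( $profile['user_login'] ?? '' ),
            // Random secret nobody ever sees: WordPress needs a password hash,
            // but Site A's password never reaches Site B.
            'user_pass'    => wp_generate_password( 64, true, true ),
        ) );
        if ( is_wp_error( $user_id ) ) {
            return $user_id;
        }
        update_user_meta( $user_id, SITE_A_ID_META, $remote_id );
    }
    wp_set_current_user( $user_id );
    wp_set_auth_cookie( $user_id, false ); // session cookie only
    return $user_id;
}
```

The lost-password form on Site B can still set a local password for an account created this way, so disable it for linked users if Site A must remain the only way in.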
