oAuth2 Authentication in Wordpress using WP OAuth Server and WP API plugins

I am struggling with how authentication works in my scenario.

I have a WordPress site which provides a set of custom APIs secured behind OAuth2 authentication using the WP OAuth Server plugin.

I started by building a simple custom endpoint by extending the WP REST API (WP API) plugin. I set up my endpoint as POST /api/v1/projects, where my callback function is even more simple:

function create_projects() {

      // my code to create new project
      // PHP array entries use "=>" between key and value
      return ['code' => 201, 'message' => 'project created'];
}

So far so good. This API is available and I can get the list of projects using POSTMAN Chrome Extension.

The part where I am having issues is implementing authentication, so that only authenticated users are able to consume this API. How can I set up authentication, and which authentication will suit me in this scenario, where my WordPress site is hosting the projects and only authenticated users will be able to create new projects on my site using the API I provided above?

Can someone please point me in the right direction?

Update #1

I have managed to implement OAuth2 authentication and will answer my question when I have time. In case you are interested in knowing how to do it, drop me a comment.

Topic wp-api oauth plugins Wordpress

Category Web


I am using this plugin https://garazlab.com/product/wp-oauth-sso-multiple-wordpress-user-sync/ for OAuth2 and SSO. You can try it also.


You will have to follow the details from the developer's website located here. (FYI, I am one lead on the project). Basically, what it boils down to is that you are going to create a client in WP OAuth Server and give the details to your authenticated users. Your users would then set up using the grant type of "password" (user credentials). This is not ideal but will get you to a place where you can expand the framework.

If you feel like getting your hands dirty, you can add a custom meta field to your user accounts that will say if they are allowed to access the data or not. Then, every time a user authenticates, you can either allow them access to WP OAuth Server or block access based on if their account has the correct meta value or not.
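As an added example (not part of the answer above and not WP OAuth Server's own code), the per-user meta gate can be enforced on the question's POST /api/v1/projects route through the REST API's `permission_callback`. It assumes the OAuth plugin has already validated the access token and set the current WordPress user; the meta key `projects_api_allowed` and the `example_` function names are hypothetical. Note that this checks the flag at the endpoint on every request rather than at token issuance.

```php
<?php
// Added example. Assumption: the OAuth2 plugin has validated the bearer token
// and set the current user before the REST permission check runs.

// Hypothetical meta key; an administrator sets it to '1' for permitted accounts.
const EXAMPLE_PROJECTS_META_KEY = 'projects_api_allowed';

function example_projects_permission_check( WP_REST_Request $request ) {
    $user_id = get_current_user_id();

    // No authenticated user: token missing, expired or invalid.
    if ( 0 === $user_id ) {
        return new WP_Error(
            'rest_not_logged_in',
            'A valid access token is required.',
            array( 'status' => 401 )
        );
    }

    // Authenticated but not flagged: deny by default. A missing meta value
    // comes back as '' and therefore fails the strict comparison.
    $allowed = (string) get_user_meta( $user_id, EXAMPLE_PROJECTS_META_KEY, true );
    if ( '1' !== $allowed ) {
        return new WP_Error(
            'rest_forbidden',
            'This account is not allowed to create projects.',
            array( 'status' => 403 )
        );
    }

    return true;
}

function example_create_project( WP_REST_Request $request ) {
    // Project creation logic goes here; validate and sanitize request
    // parameters before using them.
    return new WP_REST_Response(
        array( 'code' => 201, 'message' => 'project created' ),
        201
    );
}

add_action( 'rest_api_init', function () {
    // Served under the REST prefix, e.g. /wp-json/api/v1/projects.
    register_rest_route( 'api/v1', '/projects', array(
        'methods'             => 'POST',
        'callback'            => 'example_create_project',
        'permission_callback' => 'example_projects_permission_check',
    ) );
} );
```

Because the callback runs on every request, clearing the meta value cuts off an account immediately, even while a previously issued access token is still valid.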
