$_SESSION variables lost during OAuth callback

When I attempt an OAuth handshake, the first step is a GET call to obtain an access code, like so:

    # Redirect to request authorization code
    $url = $this->get_authorization_url();
    header("Location: $url");
    exit;

Just before I send this I store the current URL in a $_SESSION['last_url'] variable so that after authentication is complete I can redirect the user back to the page they originally attempted. This authorization URL uses the client id and secret to obtain an access code which is …
Category: Web

How to use google api for wordpress login

I am using the Google OAuth API to create a login system and to fetch YouTube channel data in WordPress. I have managed to get the channel data and email id, and I also get access_token, token_type, expires_in, refresh_token and id_token, but I have no idea how to achieve a login system in WordPress. Can anyone guide me on how to do that, and also let me know whether my code below is correct or can be shortened? Thanks

    $client_id = 'xxxxxxxxxxxxxxxxxxx';
    $client_secret = 'xxxxxxxxxxxxxxx';
    $redirect_uri = 'http://localhost/mysite/oauth2callback';
    …
Category: Web

WordPress Google Calendar OAuth 404

I am trying to integrate Google Calendar with a WordPress plugin. As per the Google API documentation I am authorizing using Google OAuth2. When it returns the code and scope in the URL, the scope part of the URL is causing a 404 on WordPress. If I edit the scope parameter value to something else, say "123", it works fine. This is the scope part of the URL returned:

    &scope=https://www.googleapis.com/auth/calendar

To reproduce, use a WordPress website. Non-working example:

    https://whateverdomain.com/?scope=https://www.googleapis.com/auth/calendar
    …
Category: Web

Google credentials and redirect URI for Google OAuth2 in a WordPress plugin, questions

I'm developing a plugin that inserts contacts into a custom table of the WordPress database (name, phone number, email). It is possible to enter data in this table either manually, through a form, or by importing it from WordPress users. I have also developed a feature to import contacts from Google Contacts (Google People). Everything works, but I ask you: when I provide the plugin to my customers, how can I avoid also providing the client_secret.json file …
Category: Web

How to build a plugin that supports authenticated POST requests to the REST API from external servers?

One of the main purposes of an API is to allow the integration of different services/systems. Let's consider that the WordPress REST API can have both public and protected endpoints, where public endpoints do not require any form of authentication, and protected endpoints do.

Example of a public endpoint:

    GET https://main.loc/wp-json/wp/v2/posts

Example of a protected endpoint:

    POST https://main.loc/wp-json/wp/v2/posts

Internally, WordPress protects the POST endpoint like this (WordPress 5.4, wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php:550):

    if ( ! current_user_can( $post_type->cap->create_posts ) ) {
        return new WP_Error(
    …
Category: Web

Erratic OAuth 1.0 Signature Mismatch Errors

Question for anyone who might be using OAuth 1.0 to access the REST API (via the official OAuth 1.0 repo). Small preface to say that I've researched this and seen multiple other questions that are similar, but not exactly applicable to my situation. I've tried various suggested fixes from multiple sources, searches, and StackExchange and seem to be no closer to a solution. I'm running into a strange issue where I'm getting sporadic signature mismatch errors. About half the time, …
Category: Web

Output Redirect Headers on Admin Dashboard Page

Question: Is there a way to output headers with either wp_redirect() or header() when a user is requesting an admin dashboard page with additional query parameters? Example:

    https://example.com/wp-admin/admin.php?page=example_page+auth_code=1234xyz+state=abcdef1234

When I try calling either function above in my PHP script which displays the admin page (hooked into add_submenu_page), nothing is done, and the page simply terminates.

Reason: I am trying to implement OAuth 2.0 with Intuit QuickBooks Online and need to refresh the redirect link sent back from Intuit QuickBooks. I …
Category: Web

Redirect URL on OAuth2.0 after switching from http to https

I'm pretty new to Google OAuth 2.0 config, so please allow me to ask this question. I have a WordPress site whose protocol will be updated from http to https. On the site, it pulls data from the Google API using OAuth 2.0 with 'http://*' as the redirect URL. After making the site protocol https, I am going to add a redirect setting on the WordPress server side from http to https. My question is whether Google API data will still be available …
Category: Web

OAuth2 Authentication in WordPress using WP OAuth Server and WP API plugins

I am struggling with how authentication works in my scenario. I have a WordPress site which provides a set of custom APIs secured behind OAuth2 authentication using the WP OAuth Server plugin. I started by building a simple custom endpoint by extending the WP REST API (WP API) plugin. I set up my endpoint as POST /api/v1/projects, where my callback function is even simpler:

    function create_projects() {
        // my code to create new project
        return ['code' => 201, 'message' => 'project created'];
    }

So far so good. This …
Category: Web

Should I ask my Twitter plugin users to create their own Twitter App and API Keys to use my plugin?

I am creating my first WordPress plugin. It is a Twitter plugin that uses Twitter API 1.1 and OAuth 2.0 to generate a bearer token and then use that to fetch Tweets from Twitter. The plugin is almost ready to be launched. Right now, the user of the plugin will need to go here: https://developer.twitter.com/en/apps/create and create a new app, filling in all details, so that they can generate their Consumer API key & secret to use with my plugin. …
Category: Web

Test WordPress api with postman

I have some API endpoints. For example:

    add_action('rest_api_init', function () {
        register_rest_route(MY_APP_NAMESPACE, '/init', array(
            'methods'  => 'GET',
            'callback' => function (WP_REST_Request $request) {
                return get_current_user_id();
            }
        ));
    });

I am trying to test this endpoint with Postman. I have generated 'X-WP-Nonce' with my localized script. I am taking the nonce code from the browser console and passing it through Postman headers. But I am getting:

    {
        "code": "rest_cookie_invalid_nonce",
        "message": "Cookie nonce is invalid",
        "data": { "status": 403 }
    }
    …
Category: Web

WooCommerce OAuth 1.0 + JWT authentication with JS/React

My scenario:

- JWT auth for user queries, which requires customizing .htaccess to recognize the Bearer Authorization header
- OAuth 1.0a for system queries, and because of the .htaccess customization the auth parameters need to go into the body/query string

I use React for the frontend, WP/WooCommerce as backend. I use axios (I'd like to avoid replacing it with lower-level alternatives) and for OAuth 1.0 I use oauth-1.0a. Now GET requests work fine when the oauth parameters are in the query string, but …
Category: Web

Implement authentication to an organization OAuth server

Sorry if some parts of this question seem obvious; I'm a newbie at WordPress and this is the first time I tap into an OAuth workflow manually (without using a social login plugin). There is this OAuth2 server that provides central authorization for all sites/apps of an organization (let's call it X-Org). What I want to do is allow my WooCommerce customers to log in/register via the X-Org server and come back to Woo for checkout. What I am thinking of as a procedure is: User …
Category: Web

Allow logged in WordPress user to access 3rd party Laravel API via OAuth

I have a unique situation that I'd love some help with if possible: My company manages a lot of WordPress sites. Each site has its own unique set of users (same users throughout all sites, but some only access X, others access Y, others both X&Y, etc). We use a custom SSO plugin to manage all that, with permissions and the like, which all works perfectly. I've built an app in Laravel, that has both public and private routes. I …
Category: Web

Where to store OAuth 2.0 client id and secret?

I'm building some functionality within one of my WordPress sites that integrates with a third-party API, and that API uses OAuth 2.0. I use both the client ID and secret every time I need a new access token, which is going to be at least once a day as the access token expires after 24 hours. (Generating a new access token also generates a new refresh token, and the previous refresh token is invalidated.) I'm storing the tokens in the …
Category: Web

How to allow users login to WP from external domain and make REST requests

Basically what I want to do is:

- Use WordPress as a login system and data storage for a web application on another domain.
- Make users able to register and perform REST calls from the application.
- Let users manage their accounts and post content without using wp-admin at all.

For the REST API I found a really nice plugin: http://v2.wp-api.org/ However, after using the POST method my WordPress is saying: "Sorry, you are not allowed to create new posts." - because I'm not logged in. …
Category: Web

Authorizing a plugin to call Google Analytics v4 API on wp_cron

I am building a plugin that will need to access the administrator's analytics account and pull some data on regular intervals, using the WP-Cron mechanism. I have looked at the instructions for authorizing the analytics API version 4. My plan is to let the administrator do OAuth2 authorization with Google offline access. The user will verify their account and get back a token that can be copy-pasted into the plugin for API access. The plugin can then refresh the token …
Category: Web
