0

Im trying to create a small widget that gets the authenticated user from the actual web app, which is in python/django(hosted on example.com), and sets headers across subdomains(*.example.com). The users. The users logged in on example.com should be able to use WordPress(hosted on blog.example.com) without again having to register/login to wordpress. Here I am trying to autologin(without password for WordPress) those users on WordPress so they can write blogs. I have written a small shortcode that does the above thing. Though the user is logged in, the /wp-admin still redirects to the login page. Below is the shortcode I wrote:

<?php
echo "STARTED";
$url = "https://app.example.com/api/user_profile/?my=1";

$arguments = array(
    'method' => 'GET',
    'cookies' => $_COOKIE
);
$response = wp_remote_get($url, $arguments );
if ( !is_wp_error( $response ) ) {
    $body = wp_remote_retrieve_body( $response );
    $data = json_decode( $body );
    $final_user = array();
    $userID;
    $email;
    $username;
    foreach ( $data as $datapoint ) {
        $email = $datapoint->email;
        $username = $datapoint->username;
    }
    $user_exists = get_user_by("email", $datapoint->email); 
    if (!$user_exists){
            $user_info = array();           
            $new_user_id = wp_create_user($datapoint->username, $datapoint->username, $datapoint->email);
            $final_user = get_user_by("id", $new_user_id);  
        } else {
        $final_user = $user_exists;
    }
    
    // Login the user now
    foreach ( $final_user as $fuser ) {
        $userID = $final_user->ID;
    }
    echo "<br/>uerID -  ";
    echo $userID;
    
    $user = get_user_by("login",$username); 
    wp_set_current_user($user->ID);
    wp_set_auth_cookie($user->ID);
    do_action( 'wp_login', $user->username, $user );                                      

    echo "<br/> inside done";
} else {
    echo "Something went wrong";
}

echo "<br/>-----------done"
?>

Im not sure what is wrong with the above code. I want the user to access /wp-admin so they can write posts if they are loggedin on our webapp. We are making an API request to our web app from our wordpress(protected private API for our use only) to get authenticated users on our app. This is the first time wrote PHP code, so it's not production ready (will write the optimal code later). Any help would be very appreciated. Please do let me know if there is anything more I need to provide.

Shreehari Vaasistha L
  • 78
  • 1
  • 8
  • 2
    *"Im trying to create a small widget that gets the authenticated user from the actual web app"* - so there are two web apps? – Bagus Tesa Oct 01 '22 at 14:25
  • 1
    It's very unclear what you're trying to do and where you want to do it. Please [edit](https://stackoverflow.com/posts/73918872/edit) the question and provide a more detailed example of the different sites/subdomains, their relation to each other (domains/subdomains, if they all are WP (multisite?) etc) and explain what you want to do what you want to do on which site and what you expect to happen where. – M. Eriksson Oct 01 '22 at 15:20
  • @BagusTesa One webapp is built using python/django(hosted on example.com) and the other is wordpress(hosted on blog.example.com). – Shreehari Vaasistha L Oct 02 '22 at 10:32
  • @M.Eriksson Sorry for not explaining the requirements. I want the users who are logged in on our web app built using the app python/django(hosted on example.com) to be able to write posts in WordPress deployed by us(hosted on blog.example.com). I have edited the question and I hope I was able to better share the problem statement. – Shreehari Vaasistha L Oct 02 '22 at 10:35
  • 1
    @ShreehariVaasisthaL so, somekind of single sign-on (sso)? if you are wiling to write [oauth](https://stackoverflow.com/questions/4201431/what-exactly-is-oauth-open-authorization) server, looks like you can use wp [oauth client plugin](https://wordpress.org/plugins/oauth-client/) - or write one yourself. ps. i havent tried that plugin myself though. – Bagus Tesa Oct 02 '22 at 11:10
  • @BagusTesa Yes, it will be some kind of SSO, I did try that approach where on login with SSO button had to be provided for the users to get authenticated on wordpress. But we don't want users to click on the login button again on wordpress. – Shreehari Vaasistha L Oct 02 '22 at 11:13

0 Answers0