英文:
Authentication from wordpress REST API
问题
在搜索了WordPress文档和Google之后,我没有找到任何适合实现我的目标的方法:能够从使用Node.js构建的自定义第三方应用程序登录WordPress。
步骤是检查用户名/密码是否为管理员,并在我的外部应用程序上处理任务。
有人已经使用WordPress的REST API进行用户验证吗?不需要安装任何插件,我只想从服务器获取响应,以确定我的用户名/密码是否正确并且是管理员,我知道可以查询数据库进行检查,但我想通过内置的wp rest api 进行验证。
谢谢。
英文:
After searching form wordpress documentation and google, i haven't find any proper way to achieve my goal : able to login to wordpress from custom third party application built with nodeJs.
The steps is check if couple username / password is administrator and process tasks on my external app.
Anyone has already used the REST API of wordpress to auth user? WITHOUT INSTALLING ANY PLUGIN , i just want to get response from server if my couple username/ password is true and is administrator, i know i can asks the database to check but i want to pass throught the built-in wp rest api.
Thank you.
答案1
得分: 0
简单的答案是否定的,原因如下:
尽管 Cookie 认证是 WordPress 中唯一原生支持的身份验证机制,但可以添加插件以支持从远程应用程序进行工作的替代身份验证方式。一些示例插件包括 OAuth 1.0a Server、Application Passwords 和 JSON Web Tokens。
然而,有一种痛苦且不安全的方式,即使用纯 HTTP 认证,不建议这样做。
安全的推荐方式是获取 WordPress JWT 或 oAuth 服务器扩展,并处理更加方便和安全的标准身份验证流程,WordPress 已经列出了它们,这些在引用中有提到。希望这有所帮助!
英文:
The simple answer is no, and here is why
> While cookie authentication is the only authentication mechanism
> available natively within WordPress, plugins may be added to support
> alternative modes of authentication that will work from remote
> applications. Some example plugins are OAuth 1.0a Server, Application
> Passwords, and JSON Web Tokens.
Source: WordPress Official Handbook
However there is a painful and insecure way of doing it with plain HTTP authentication which is not recommended.
Recommended way of doing this securely is to get WordPress JWT or oAuth Server extension and deal with standard authentication process which is more convenient and secure, WordPress already lists them which are referenced in the quote. Hope this helps!
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论