Best way to log user in

  • Resolved chantaspell

    (@chantaspell)


    4 years, 5 months ago

    Hi
    Again, apologies for noobish question and thanks for all your work in the plugin!

    I am a bit unclear on how best to login users. I have managed to do it but it I think there’s probably a better way.
    This is my current set up:

    My REACT app’s form collects username and password and uses fetch to make a POST request to authenticate:

    let urlToAuth = 'https://mydomain.com/?rest_route=/simple-jwt-login/v1/auth&username=' + username + '&password=' + password;
      
      fetch(urlToAuth, {
          method: 'POST',
              })

    This successfully returns a JWT.

    Next, I use that JWT on a GET request to autologin the user (is that the right way to do it?)

    let urlToLogin = 'https://mydomain.com/myLoginScript.php?jwt=' + jwt

        fetch(urlToLogin, {
            method: 'GET',
        }

    myLoginScript.php is an intermediary server side file that adds the Auth Key. It looks like this:

    $jwt = $_GET['jwt'];
$MyAuthKey = "AUTHKEY";
$url = 'https://mydomain.com/?rest_route=/simple-jwt-login/v1/autologin&jwt=' . $jwt . '&MyAuthKey =' . $AUTHKEY;

$reply = file_get_contents($url);
if($reply !== false){
    echo $contents;
    // tried adding header to new url
   //header('Location: '.$url);
}
else {
	echo "fail";
}

    This returns a response with a status 200 but does not log the user in (when I check by manually going to wordpress homepage). If I uncomment header header('Location: '.$url) and manually go to the wordpress homepage, the user is then logged in and it returns the source code of the wordpress homepage to me (but it doesn’t redirect automatically, although in the plugin settings I have the Redirect after Auto-Login set to Custom).

    One thing I could do is take the returned source code as a sign that the user is successfully logged in, and redirect them to where I want them to be from within REACT, but that seems like a bit of a workaround.

    So how should I handle the login request so it returns a success message and redirects the user?

    Sorry if I have over or under complicated this!

    Many thanks for any help!

    • This topic was modified 4 years, 5 months ago by chantaspell.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Nicu Micle

    (@nicu_m)

    Hello @chantaspell,

    I remember we spoke on a separate thread about registering different types of users with “Auth keys”.

    So, I was thinking something about this:
    1. From react, you make a POST request to your custom script with the email and password for the user.
    2. this script should look something like this:

    
 $username = $_REQUEST['email'];
 $password = $_REQUST['password'];
 $AUTHKEY = 'your_auth_key';
 
//Create the user
$url = 'https://mydomain.com/?rest_route=/simple-jwt-login/v1/users&email=' . $email . '&password='. $password . '&AUTH_KEY=' . $AUTHKEY;

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
curl_close ($ch);

//Authenticate
$authenticationUrl = 'https://mydomain.com/?rest_route=/simple-jwt-login/v1/auth&email=' . $email . '&password='. $password;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
curl_close ($ch);
$jwt = isset($server_output['data'])&& isset($server_output['data']['jwt'])
   ? $server_output['data']['jwt']
   : null;

//display the JWT so you can get it from react
echo $jwt;

    After this, in react, you will check if the response from your custom script it is not null. If the response is not null, that means you get the JWT.

    Now, you simply have to redirect to the autologin URL with javacsript:

    
   let jwt = '';//GET from SCRIPT
   window.location.redirect  = 'https://mydomain.com/?rest_route=/simple-jwt-login/v1/autologin&jwt='+ jwt;

    This should work.

    Let me know if you have other questions.

    Best regards,
    Nicu.

    Thread Starter chantaspell

    (@chantaspell)

    Thanks @nicu_m that’s really helpful!
    It’s working as I want it to now!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Best way to log user in’ is closed to new replies.