I have requirement to link a wordpress installs authentication system with one of my APIs. I have got this working by making a WordPress plugin that when a wordpress user logs in it re-creates the SS JWT so any embedded component making calls will work as long as user is logged into WordPress.
This works but I don’t like the way that I have to put the JWT key inside the WP plugin as this will cause some complications.
I think it should probably work with API key auth but I can’t quite think my way through how that will work without exposing key to wordpress users.
I basically want each wordpress user to be able to make auhenticated calls to the API. I could grant the site an API key but how to I generate a user token for users to make requests with?
What would be the proper way to structure this with ServiceStack?