Advice on joining authentication from WordPress

I have a requirement to link a WordPress install's authentication system with one of my APIs. I have got this working by making a WordPress plugin that, when a WordPress user logs in, re-creates the SS JWT so any embedded component making calls will work as long as the user is logged into WordPress.

This works but I don’t like the way that I have to put the JWT key inside the WP plugin as this will cause some complications.

I think it should probably work with API key auth, but I can’t quite think my way through how that will work without exposing the key to WordPress users.

I basically want each WordPress user to be able to make authenticated calls to the API. I could grant the site an API key, but how do I generate a user token for users to make requests with?

What would be the proper way to structure this with ServiceStack?

Thought about it some more. I imagine this is what I need to do:

  1. Create an endpoint that only API key users can hit and that accepts user details
  2. Generate a JWT token manually inside the endpoint and return it
  3. In the WP plugin, set the token in a cookie

I’ll give that a try

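The three steps proposed above, as an added framework-neutral sketch that is not part of the original post and is not ServiceStack code: the signing key stays on the API, the WordPress plugin holds only a revocable site API key, and each user gets a short-lived token. The key values, function names, claim set, cookie name and cookie attributes are all assumptions.

```python
import base64, hashlib, hmac, json, time

JWT_SIGNING_KEY = b"constructed-signing-key-api-only"  # lives on the API, never in the WP plugin
SITE_API_KEYS = {"constructed-wp-site-api-key"}        # held server-side by the plugin, revocable

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input: str) -> str:
    mac = hmac.new(JWT_SIGNING_KEY, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

def issue_user_token(api_key, user_id, email, ttl=900, now=None):
    """Steps 1 and 2: API-key-only endpoint that mints a short-lived JWT for one WP user."""
    if not any(hmac.compare_digest(api_key.encode(), k.encode()) for k in SITE_API_KEYS):
        raise PermissionError("invalid site API key")
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "email": email, "iat": now, "exp": now + ttl}
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in (header, payload))
    return signing_input + "." + _sign(signing_input)

def verify_user_token(token, now=None):
    """What the API does on every call made by the embedded component."""
    try:
        head, body, sig = token.split(".")
    except (ValueError, AttributeError):
        raise PermissionError("malformed token")
    # Check the signature before trusting anything inside the token.
    if not hmac.compare_digest(sig.encode(), _sign(head + "." + body).encode()):
        raise PermissionError("bad signature")
    pad = lambda s: s + "=" * (-len(s) % 4)
    header = json.loads(base64.urlsafe_b64decode(pad(head)))
    payload = json.loads(base64.urlsafe_b64decode(pad(body)))
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    if payload["exp"] <= int(time.time() if now is None else now):
        raise PermissionError("token expired")
    return payload

def session_cookie(token, name="ss-tok", ttl=900):
    """Step 3: the Set-Cookie value the WP plugin would emit (cookie name is assumed)."""
    # SameSite=Lax assumes the API is served from the same site as WordPress.
    return f"{name}={token}; Max-Age={ttl}; Path=/; Secure; HttpOnly; SameSite=Lax"
```

A leaked site API key can be revoked without rotating the signing key, and a leaked user token expires on its own after `ttl` seconds.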