[英]Authenticate with Wordpress cookie through API from a subdomain
I want to access the current logged in Wordpress user in a separate Laravel installation. 我想在单独的Laravel安装中访问当前登录的Wordpress用户。
Wordpress is running as website.com and I've got a subdomain with tool.website.com with the Laravel application (on another server but same domain). WordPress是运行的website.com和我有与该Laravel应用(另一台服务器,但相同的域上)tool.website.com一个子域。
I'm using the Native Wordpress API and created an authentication route. 我正在使用本机Wordpress API并创建了身份验证路由。
The issue: 问题:
When I access the /authenticate route directly, the user ID is returned and works correctly. 当我直接访问/ authenticate路由时,将返回用户ID并可以正常工作。 But when I access the route through tool.website.com false is returned..
但是,当我通过tool.website.com访问路由时,将返回false 。
Things I've got working: 我正在做的事情:
I've created an API request which returns the user id in an API call: 我创建了一个API请求,该请求在API调用中返回用户ID:
add_action( 'rest_api_init', function () {
register_rest_route( '/authenticate', array(
'methods' => 'GET',
'callback' => 'authenticate',
) );
} );
The function looks like this: 该函数如下所示:
$user_id = wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' );
The WP cookie is available on both the sub / main domain. WP cookie在子/主域上均可用。 I can see they are identical and toplevel.
我可以看到它们是相同的且是顶级的。
define('COOKIE_DOMAIN', '.website.dev');
Things I've tried: 我尝试过的事情:
I'm wondering if my approach is in the right direction. 我想知道我的方法是否朝着正确的方向发展。 Hopefully someone can give me some guidance.
希望有人能给我一些指导。
I found the following workaround: 我发现以下解决方法:
- tool.website.com Send the Cookies from tool.website.com to the API as post data. -tool.website.com将cookie从tool.website.com发送到API作为发布数据。
$cookie_array = $_COOKIE;
// use key 'http' even if you send the request to https://...
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($cookie_array)
)
);
$context = stream_context_create($options);
$data = file_get_contents(self::BASE_URL . "authenticate", false, $context);
- website.com Retrieve the cookie from Post data, and use the standard LOGGED_IN_COOKIE
constant in Wordpress to select the correct one (this can be refactored to sending the correct cookie at once). -website.com从Post数据中检索cookie,并使用Wordpress中的标准
LOGGED_IN_COOKIE
常量选择正确的cookie(可以将其重构为立即发送正确的cookie)。
// We retrieve the cookie (which is sadly not available through the API call alone)
$the_cookie = $request->get_body_params();
// As the cookie lives at domain level, we can use the same Cookie key in the WP API and other subdomains of this domain
// The cookie key remains the same
$user_id = wp_validate_auth_cookie( $the_cookie[LOGGED_IN_COOKIE], 'logged_in' );
This solution seems steady; 这种解决方案似乎很稳定。 hopefully it will help someone.
希望它将对某人有所帮助。 If there are other solutions, please add them in this topic;
如果还有其他解决方案,请在本主题中添加; as I'm sure there must be different ways achieving this.
因为我敢肯定,必须有不同的方法来实现这一目标。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.