How can I login the user by API without storing its info in the wordpress database.

Question

Just like facebook login I want my user to get logged into my wordpress site by api. I want to get logged-in without storing the any info of user in the wordpress database. here is what I tried

$ch = curl_init();
$username = $_REQUEST['value'];
curl_setopt($ch, CURLOPT_URL, 'http://api.ig.sapps.com/userLogin?emailOrUsername='.$login_data['user_login'].'&password='.$login_data['user_password'].'&api_token=12345&device_id=0&device_type=0');
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$res = curl_exec($ch);
$result = json_decode($res);

if ($result->code == 400) {
$login_error = $result->message;
$all_errors = array($login_error);
}
if ($result->code == 200) {
wp_set_current_user($result->data->id, $result->data->username);
wp_set_auth_cookie($result->data->id);
do_action('wp_login', $result->data->username);

But I am not able to logged in. Please help me out.

Answer 1

There are so many Authentication technique... but I will explain only 2 way. (If user will login you app this user will anyway use his/hers private data other way meaningless)

1) Common Token Based Authentication Which you have to persist some data on BackEnd to check this data in every request.

2) JWT - Some Third Part Authorization Centers uses this technique. With this way you have not persist user data. Validation takes with your (Third Part Authorization Center's) unique and private SIGNATURE.

With second way you or Third part Authorization Centers saves some unique and Secured Signature and validates this user login and api call request with this sign.