Accessing private WordPress data via API

djuric · September 23, 2020, 6:03pm

Hello,

I have React application for which I’m using with @auth0/auth0-react library. This works great for authenticating users and accessing their user profile information on auth0.

However, I have separate WordPress installation with protected data which I would like to show only to users authenticated via auth0 inside my React application. What would be the best way to achieve this?

I know that WP doesn’t actually have JWT way of handling REST API requests and I would probably need to find a plugin to do this. If I get the plugin working, I’m still not sure this would be enough to connect auth0 with WP API. I can’t seem to understand whether this would be “Machine to Machine” type of connection. This type of connection requires auth0 specific SDK which I guess is not implemented in any of the WP plugins.

Thanks for any help or advice you can provide on this.

dan.woda · September 24, 2020, 5:28pm

Hi @djuric,

Welcome to the Community!

I am not familiar with the wordpress API. How are you authenticating your calls against it?

djuric · September 24, 2020, 9:13pm

hey @dan.woda

I’m using one of the WP JWT plugins. User sends request to an endpoint with username/password and if they are valid then JWT token is sent in response. User can then send a new request with this JWT in request headers (Bearer token) to access protected resource.

dan.woda · September 25, 2020, 8:29pm

Have you looked at integrating your users with the worpress social connection in auth0?

I am still a little bit confused on how this is set up. Do you have a user db within auth0 and a Wordpress user db?

djuric · September 26, 2020, 9:36am

hi Dan,

Thanks for your reply and for trying to help out with this.

Have you looked at integrating your users with the worpress social connection in auth0?

If I understood correctly, this plugin is only for authentication of users via login screen of actual wordpress website. Instead of regular WP login form they use auth0 and that’s pretty much it. It will not help with adding authentication for REST API that could be accessed by remote React application.

I am still a little bit confused on how this is set up. Do you have a user db within auth0 and a Wordpress user db?

I currently don’t have any users, I’m just starting with building application. I would prefer if I could have all users on auth0

dan.woda · October 13, 2020, 9:22pm

Okay, if I understand correctly you are going to be logging in users to your React app via auth0, with the user’s stored in an Auth0 DB. Then you want to access the wordpress rest API to get data for those users.

I looked into it a bit more and we don’t have a built in solution for this that I can find.

Are you trying to set up wordpress as a headless CMS, like this?

dan.woda · October 13, 2020, 9:22pm

I am going to mark this resolved. Please open another ticket if you need more help.

system · October 28, 2020, 9:22pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

josh.cunningham · January 13, 2021, 1:46am

Quick note for anyone looking to accept Auth0 access tokens in WordPress … I wrote a guide here: