The Third Party Provider method of WordPress REST API authentication uses a token received from the third party. Each time a request is made to the API, it is authenticated against that token, and access to the resources for that request is allowed on the basis of the token's verification.
Download And Installation
- Log into your WordPress instance as an admin.
- Go to the WordPress Dashboard -> Plugins and click on Add New.
- Search for the WordPress REST API Authentication plugin and click on Install Now.
- Once installed, click on Activate.
Use Case: Authenticate/protect WordPress REST API endpoints using the JWT token obtained from Social Login/OAuth 2.0/OpenID Connect Identity Providers (Server).
- Suppose you have a mobile application and you let your users log in with multiple social login providers such as Google, Facebook, Apple, LinkedIn, Instagram, or other OAuth/OpenID Connect providers such as AWS Cognito, Auth0, Microsoft Azure, Okta, Keycloak, etc., and you want your users to access the WordPress REST API endpoints from the mobile application. You can authenticate access to the WordPress REST API endpoints based on the access/id token obtained from the OAuth/OpenID Connect Identity Provider (Server) during Single Sign-On (SSO) login to your application. The access/id token/JWT is passed in the Authorization header of the API request with the token type Bearer, and the token is validated directly with the corresponding OAuth/OpenID Connect Identity Provider: the validation request is made internally to the corresponding OAuth/OpenID Connect Server. If validation of the token succeeds, the REST API request results in resource/data access; if validation fails, an error response is returned. In this way the resources/data are protected with top-level security, with authentication performed directly by the OAuth/OpenID Connect Identity Provider.
- How this authentication use case can be achieved with our plugin:
1. The WordPress REST API endpoint request is made with the access/id token obtained from the OAuth/OpenID Connect Identity Provider passed in the Authorization header with the token type Bearer.
2. The WordPress REST API request is monitored by our plugin, and a JWT token validation/authentication request is sent to the OAuth/OpenID Connect Identity Provider (Server).
3. The OAuth/OpenID Connect Identity Provider (Server) returns its response to that JWT token validation request.
4. If the JWT token validation/authentication is successful, access to the requested resource is allowed, which means the requestor is now authorized to access the resource/data. If the token validation fails, an error response is returned. The resource data is thus protected and can be accessed only on authorization.
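The allow/deny decision in steps 2 to 4, written out as an added example (this is not the plugin's code). It assumes the provider's validation response follows OAuth 2.0 Token Introspection (RFC 7662, fields `active`, `exp`, `aud`); the function names, the audience policy, the `wp.example` URL and the stub provider are hypothetical and constructed for illustration.

```php
<?php
// Added example, not the plugin's code. All names and sample values are constructed.
// Return the token from an "Authorization: Bearer <token>" value, or null.
function bearer_token(?string $header): ?string {
    $ok = $header !== null
        && preg_match('/^Bearer\s+([A-Za-z0-9\-._~+\/]+=*)$/i', trim($header), $m);
    return $ok ? $m[1] : null;
}

// $introspect sends the token to the provider's introspection endpoint and returns
// the decoded JSON response as an array, or null on any transport or parse failure.
function authorize_request(?string $header, callable $introspect, string $aud, int $now): array {
    $token = bearer_token($header);
    if ($token === null) {
        return [401, 'missing_or_malformed_bearer_token'];
    }
    $resp = $introspect($token);
    if (!is_array($resp)) {
        return [503, 'introspection_unavailable'];   // fail closed, never serve
    }
    if (($resp['active'] ?? false) !== true) {       // strict: "true" or 1 is rejected
        return [401, 'token_inactive'];
    }
    if (isset($resp['exp']) && (int) $resp['exp'] <= $now) {
        return [401, 'token_expired'];
    }
    // Assumed policy: the token must have been issued for this API.
    if (!in_array($aud, (array) ($resp['aud'] ?? []), true)) {
        return [403, 'wrong_audience'];
    }
    return [200, 'ok'];
}

// Constructed stand-in for the provider, so the example runs offline.
$now  = 1700000000;
$api  = 'https://wp.example/wp-json';
$stub = function (string $token) use ($now, $api): ?array {
    $known = [
        'good-token' => ['active' => true, 'exp' => $now + 300, 'aud' => $api],
        'other-app'  => ['active' => true, 'exp' => $now + 300, 'aud' => 'some-other-api'],
        'stale'      => ['active' => true, 'exp' => $now - 1, 'aud' => $api],
    ];
    return $token === 'timeout' ? null : ($known[$token] ?? ['active' => false]);
};
foreach (['Bearer good-token', 'Bearer other-app', 'Bearer stale', 'Bearer revoked',
          'Bearer timeout', 'Basic abc', null] as $h) {
    [$status, $reason] = authorize_request($h, $stub, $api, $now);
    printf("%-18s -> %d %s\n", $h ?? '(none)', $status, $reason);
}
```

In WordPress, a check like this would typically be attached to the `rest_authentication_errors` filter, with `$introspect` performing the POST to the configured Introspection Endpoint.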
Related use cases: How to protect WordPress REST API endpoints using the JWT token provided by Social Login or OAuth 2.0/OpenID Connect Identity Providers?
How to perform authentication and ensure security or perform authorization to grant access to the WordPress REST API endpoints on the basis of the access/id token provided by Social Login/OAuth providers during OAuth/OpenID SSO login flow?
Step 1: Setup WordPress REST API Authentication plugin
- Select your Authentication method → Third Party Provider, add the Introspection Endpoint provided by your OAuth/OpenID Connect provider, and click on Save Configuration.
- Once you configure the plugin with the Introspection Endpoint provided by your provider, try to access your WordPress REST APIs using the access token/id_token provided by your OAuth Provider as shown below.
Check out the developer documentation for more details.
Request: GET https://<domain-name>/wp-json/wp/v2/posts
access_token : < access_token >
id_token : < id_token >