I want to access the currently logged-in WordPress user in a separate Laravel installation.
WordPress is running as <em>website.com</em> and I've got a subdomain, <em>tool.website.com</em>, with the Laravel application (on another server but same domain).
I'm using the native WordPress API and created an authentication route.
<strong>The issue:</strong>
When I access the <em>/authenticate</em> route directly, the user ID is returned and works correctly. But when I access the route through tool.website.com, <strong>false</strong> is returned.
<strong>Things I've got working:</strong>
I've created an API request which returns the user id in an API call:
<pre><code>add_action( 'rest_api_init', function () {
    register_rest_route( '/authenticate', array(
        'methods'  => 'GET',
        'callback' => 'authenticate',
    ) );
} );</code></pre>
The function looks like this:
<pre><code>$user_id = wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' );</code></pre>
The WP cookie is available on both the sub / main domain. I can see they are identical and top-level.
<pre><code>define('COOKIE_DOMAIN', '.website.dev');</code></pre>
<strong>Things I've tried:</strong>
<ul>
<li>Using wp_get_current_user() to retrieve the user, this seems to need a nonce. I experimented for hours and hours with the nonce approach in many different ways, but I could not get this to work (false or 0 was returned). I understand this is due to restrictions of using a nonce from outside of WordPress.</li>
<li>Using the default native API approach to get the user, also needs the nonce.</li>
<li>Reading the <a href="https://developer.wordpress.org/rest-api/" rel="nofollow noreferrer">https://developer.wordpress.org/rest-api/</a> manual, git repository & several articles / comments online.</li>
<li>Thinking about the OAuth approach, but I do not want users to log in again as they are already logged in when they reach the tool.</li>
<li>Sending stuff like posts etc works without problems, so the API connection is not the problem.</li>
</ul>
I'm wondering if my approach is in the right direction. Hopefully someone can give me some guidance.
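Added example, not part of the original post: if the Laravel application calls the <em>/authenticate</em> route server-to-server, the browser's cookies are not part of that request, so the WordPress cookie has to be forwarded explicitly before `wp_validate_auth_cookie()` can see it. The function names, the constructed sample cookie and the assumption that the route's callback returns the user ID as JSON are illustrative and not taken from the post.

```php
<?php
// Added example, not from the post. Assumption: the Laravel app calls the
// WordPress route server-to-server, so browser cookies are not sent along.

/** Pick the WordPress logged-in cookie out of the request cookies, or null. */
function find_wp_logged_in_cookie(array $cookies, int $now): ?array
{
    foreach ($cookies as $name => $value) {
        // WordPress names it 'wordpress_logged_in_' . md5(site URL).
        if (!preg_match('/^wordpress_logged_in_[0-9a-f]{32}$/', (string) $name)) {
            continue;
        }
        // Value layout: user_login|expiration|token|hmac
        $parts = explode('|', (string) $value);
        if (count($parts) !== 4 || !ctype_digit($parts[1]) || (int) $parts[1] < $now) {
            return null; // malformed or expired, skip the round trip
        }
        return [(string) $name, (string) $value];
    }
    return null;
}

/** Cookie header carrying only that one cookie (PHP decoded it, so re-encode). */
function wp_cookie_header(array $cookie): string
{
    return 'Cookie: ' . $cookie[0] . '=' . rawurlencode($cookie[1]);
}

/** Ask the post's /authenticate route for the user ID; null when not logged in. */
function wp_user_id(string $endpoint, array $cookie): ?int
{
    $ctx = stream_context_create(['http' => [
        'header' => wp_cookie_header($cookie) . "\r\n",
        'timeout' => 3,
        'ignore_errors' => true,
    ]]);
    $body = @file_get_contents($endpoint, false, $ctx);
    $id = $body === false ? null : json_decode($body, true);
    return is_int($id) && $id > 0 ? $id : null; // WordPress stays the authority
}

// Constructed sample standing in for $_COOKIE on tool.website.com.
$sample = [
    'laravel_session' => 'constructed',
    'wordpress_logged_in_' . md5('https://website.com') => 'alice|4102444800|constructed-token|constructed-hmac',
];
$cookie = find_wp_logged_in_cookie($sample, time());
echo $cookie === null ? "no usable WordPress cookie\n" : wp_cookie_header($cookie) . "\n";
```

Laravel's EncryptCookies middleware discards cookies it cannot decrypt, so read the WordPress cookie from `$_COOKIE` or add its name to the middleware's exceptions. Call `wp_user_id()` over HTTPS only, since the forwarded value is a live session credential.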