Added endpoint for customer login #6133

Closed
wants to merge 3 commits into from

artemkolotilkin

The logic to address the feature request suggested in #6126.

@artemkolotilkin artemkolotilkin changed the title Added endpoint for customer login (#6126) Added endpoint for customer login Aug 29, 2014
@maxrice
Contributor

maxrice commented Aug 30, 2014

@rmccue out of curiosity, is this sort of endpoint something y'all have on the roadmap for WP API?

1. Renamed method from Login to Authenticate
2. Changed wp_signon to wp_authenticate
3. Changed WP_Error return code to 401 (Unauthorized)
4. Removed hook and success status code
@artemkolotilkin
Author

Thanks @maxrice for the code review. I've changed the method name from login to authenticate and done some cleanup.

Today I discovered a few other methods that I need but that are currently missing from the API. They are related to payment processing. Looks like I'll need to create a custom plugin that will extend WC_API_Resource and implement the additional endpoints that I need. In case you guys decide not to include the authentication endpoint in the plugin, I can move it into my custom plugin as well. Didn't think about that before.

@rmccue
Contributor

rmccue commented Sep 1, 2014

> @rmccue out of curiosity, is this sort of endpoint something y'all have on the roadmap for WP API?

No, and intentionally so. The only way to authenticate via the API is either cookies (that is, be logged in already) or OAuth. Exposing any way to convert username/password to an authentication token (whether that be this style, or XAuth, etc) encourages the "just input your username and password" antipattern.

Encouraging users to input their username/password outside of the site itself means we're teaching users to be less careful about it, and I want to discourage that as much as possible.

@artemkolotilkin
Author

Thanks @rmccue, your point makes sense.

In my case I'm building a mobile app that will serve as a front-end application for a WooCommerce store. And I need to implement a user account section there with the ability for a user to register, log in and update personal information in the app. I'm not sure how else you can do that without the authentication endpoint. It doesn't look like an OAuth case here, at least to me.

@maxrice, as I mentioned earlier, I discovered a few other endpoints that are currently missing. They are payment related, therefore it doesn't make sense to add them to the general WC API. Considering that, I decided to move the authentication endpoint to a custom plugin where other custom endpoints will live. Just did that and everything works great. Thanks a lot for woocommerce_api_loaded and woocommerce_api_classes filters! It was fairly easy to extend the API with custom resources.

At this point it doesn't matter much to me whether this is going to be merged into the plugin or not. I'm leaving it up to you guys to decide.

@maxrice
Contributor

maxrice commented Sep 1, 2014

@rmccue thanks, I figured you guys had already thought about it :)

@artemkolotilkin It's probably best to add this to a custom plugin instead. At some point I'd like to have an OAuth2 flow so the user could authenticate without actually providing their username/password off-site, but it's a long ways off.

> Thanks a lot for woocommerce_api_loaded and woocommerce_api_classes filters! It was fairly easy to extend the API with custom resources.

Glad to hear they helped! It'd be cool to see the finished plugin when you're done with it.

@BENMESSAOUD

Hi,

I would like to revoke this issue because I think it is important to have an authenticate endpoint for mobile apps. With the current version of the WooCommerce API, anyone is able to get access to other accounts (using the email endpoint), make orders there and get all private information like address, phone number, avatar image, etc., and this makes the email's endpoint insecure!
I think that the method created by @artemkolotilkin is pretty good. Maybe the password should be md5 crypted when it comes to the server side for more security.
I think that most mobile applications using the WooCommerce API will need this authentication step.

@mikejolley
Member

Moved to roadmap for voting/discussion here: https://trello.com/c/LHU78CF2/50-rest-api-login-auth-user

@vnen

vnen commented Jul 24, 2015

@artemkolotilkin have you ever made such a plugin? If so, are you willing to make it public?

@cepages

cepages commented Jul 24, 2015

+1 to the @vnen question. I'm trying to create an app using this API, but I need a login for the customer.

cc @artemkolotilkin

@woocommerce woocommerce locked and limited conversation to collaborators Jul 24, 2015