Name: rest-sessions
Owner: Human Made
Description: Log in and out of WordPress using the REST API.
Created: 2018-02-06 07:54:32.0
Updated: 2018-04-16 16:22:14.0
Pushed: 2018-02-22 06:04:12.0
Size: 4
Language: PHP
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
|
REST Sessions Log in and out with cookie authentication. |
|
| A Human Made project. Maintained by @rmccue. |
|
Working on a REST API-powered theme, and want to include a login form? You need REST Sessions.
Activate this plugin.
In order to use the API endpoints, you need to pass a login nonce to the API endpoints. You can get this nonce easily in PHP by calling REST_Sessions\Session_Controller::get_nonce().
Rather than explicitly logging in or out, the endpoints used by this plugin create or destroy sessions. These are the real session objects used under the hood by WordPress, and this fits better with the resource-based paradigm used by REST.
To log in, you create a session. To create a session, send a POST request to /sessions/v0/sessions. You need to include the following parameters (preferably in a JSON body):
username (string): User-supplied username.password (string): User-supplied password.auth_nonce (string): Nonce generated by the backend.remember (boolean): True to persist cookies, false to use short-lived ones. Default is false.On success, this will return a 201 Created status code with a Session resource in the body. Additionally, it will set the authentication cookies for the site.
To log out, you destroy the current session. To destroy the session, send a DELETE request to /sessions/v0/sessions/current. You need to include the REST API nonce for the current user as the _wpnonce parameter, just like any other authenticated endpoint.
On success, this will return a 200 OK status code with a JSON object containing the following properties in the body:
deleted (boolean): True on success.previous (object): The Session resource that has just been destroyed.The Session resource returned from these endpoints is a JSON object containing the following properties:
id (string): Session ID.created (string): ISO8601 datetime representing the creation time of the session.expiration (string): ISO8601 datetime representing the expiration time of the session.ip (string): IP address registered for the session.user_agent (string): User agent registered for the session.nonce (string): Nonce for use with authenticated REST API endpoints.Additionally, an author link is added pointing to the current user. This link is embeddable.