• I’ll explain the system to you: My WordPress installation will act as the server, a user goes to the client site and clicks to log in. At this point the client calls my server on an endpoint?

    I think it will start with the first on this list and then continue with the others, right?

    1 – "authorization_endpoint":"/wp-json/openid-connect/authorize",

    2 – "token_endpoint":"/wp-json/openid-connect/token",

    3 – "userinfo_endpoint":"/wp-json/openid-connect/userinfo",

    If what I understand is correct, I need this: if at the first endpoint the plugin sees that the user does not have an account on WordPress, it does not send the authorization, right? I would therefore like to have it open a registration page so that the user can register and, once registration is complete, resume the login flow.

    where can I hook up to do this?

    thank you very much

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Paulo Pinto

    (@psrpinto)

    I believe the sequence you described is correct. When you make a request to the authorization endpoint and the user is not logged-in, they will be redirected to the “authenticate” route (the code for that is here).

    In the authenticate route, they will be redirected to WordPress’s login page, from where they should be able to register for an account. After registration, they should be redirected back to the oidc flow. If that is not the case, there might be a bug in the plugin.

    Thread Starter Matteo182

    (@matteo182)

    OK, I understand. So if I wanted to add a control with validation via SMS message, and I need to add additional fields for permissions, I would have to add it to my normal WordPress registration, right?

    or can I create an additional form to call up and fill out before giving authorization? where can I find the redirection you make to the login form? Can I replace it with a redirection to another form customized by me?

    thank you very much

    Thread Starter Matteo182

    (@matteo182)

    Compared to the file you sent me, I think that here I can redirect to another form by replacing wp_login_url() with my custom form URL?

    wp_safe_redirect( add_query_arg( array_map( 'rawurlencode', array_merge( $request->getAllQueryParameters(), array( 'action' => 'openid-authenticate' ) ) ), wp_login_url() ) );

    Or must I modify auth_redirect() with another custom function?

    Plugin Author Paulo Pinto

    (@psrpinto)

    If you want to redirect the user to another form, you can use WordPress’s login_url filter to override the URL WordPress redirects the user to.

    After your form is handled, you need to redirect the user back to the openid-authenticate route, which will land them on the AuthenticateHandler of the OIDC server plugin.
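
    A sketch of the two steps described in the reply above, as an added example that is not part of the thread or the plugin's own code. It assumes the custom form lives at a hypothetical `/oidc-register/` page, that the form keeps the OIDC query string on its URL, and that the listed authorization parameters are the ones the client sends; `MY_OIDC_FORM_PATH` and `my_oidc_resume_flow()` are made-up names.

```php
<?php
// Added example; not code from the OpenID Connect Server plugin or the thread.
// Hypothetical names: MY_OIDC_FORM_PATH, my_oidc_resume_flow().
const MY_OIDC_FORM_PATH = '/oidc-register/'; // assumed slug of the custom form page

// Step 1: for requests that carry OIDC authorization parameters, make
// wp_login_url() return the custom form. The plugin's redirect (quoted earlier
// in the thread) then appends the OIDC query parameters and
// action=openid-authenticate to this URL.
add_filter( 'login_url', function ( $login_url, $redirect, $force_reauth ) {
	if ( empty( $_GET['client_id'] ) || empty( $_GET['redirect_uri'] ) ) {
		return $login_url; // ordinary login: leave untouched
	}
	return home_url( MY_OIDC_FORM_PATH );
}, 10, 3 );

// Step 2: call this from the form handler only after registration and any
// extra verification (for example the SMS check) have succeeded.
function my_oidc_resume_flow() {
	// Forward only known authorization-request parameters (assumed list;
	// extend it if the client sends others), and only string values.
	$allowed = array( 'client_id', 'redirect_uri', 'response_type', 'scope', 'state', 'nonce' );
	$params  = array_intersect_key( wp_unslash( $_GET ), array_flip( $allowed ) );
	$params  = array_filter( $params, 'is_string' );
	$params['action'] = 'openid-authenticate';

	// Use site_url(), not wp_login_url(): the latter is rewritten by the filter above.
	$target = add_query_arg( array_map( 'rawurlencode', $params ), site_url( 'wp-login.php', 'login' ) );

	// The target host comes from site_url(); wp_safe_redirect() additionally
	// rejects any host outside the site's allowed list.
	wp_safe_redirect( $target );
	exit;
}
```

    The form itself never needs to read or act on `redirect_uri` or `state`; it only carries them back to the plugin, which is where they are checked.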

    Thread Starter Matteo182

    (@matteo182)

    Hi Paulo, thanks for the help you are giving me.

    So I managed to go around starting from the endpoint /wp-json/openid-connect/v1/authorize

    From here I redirect to my login/register page; in case it is the first access I go to the authorization created by you,

    and after authorization I land on my additional form for double opt-in and other required data.

    Through the whole flow I bring along the query string with the 'code':

    /?code=ea29c0205e017692c7b24fdbaa39690d99359da2&state=4secret5string

    At this point, I would like to ask you what the normal flow involves. Should I pass this token to the platform that called the WP server?

    Can it use this token to call the endpoint to request user data?

    I mean this endpoint: /wp-json/openid-connect/v1/userinfo

    Or can I send them the user data when they have finished filling out this last custom form? This way I would avoid having to call another endpoint. What do you think?

    Thank you very much if you could give me this other clue, I think I’ve closed the loop.

    Best regards

  • The topic ‘if a user is not registered on WordPress’ is closed to new replies.