Skip to content

humanmade/rest-sessions

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
inc
inc
 
 
README.md
README.md
 
 
plugin.php
plugin.php
 
 

Repository files navigation

REST Sessions
Log in and out with cookie authentication.
A Human Made project. Maintained by @rmccue.

Working on a REST API-powered theme, and want to include a login form? You need REST Sessions.

Installation

Activate this plugin.

In order to use the API endpoints, you need to pass a login nonce to the API endpoints. You can get this nonce easily in PHP by calling REST_Sessions\Session_Controller::get_nonce().

Usage

Rather than explicitly logging in or out, the endpoints used by this plugin create or destroy sessions. These are the real session objects used under the hood by WordPress, and this fits better with the resource-based paradigm used by REST.

Create a Session (Log In)

To log in, you create a session. To create a session, send a POST request to /sessions/v0/sessions. You need to include the following parameters (preferably in a JSON body):

  • username (string): User-supplied username.
  • password (string): User-supplied password.
  • auth_nonce (string): Nonce generated by the backend.
  • remember (boolean): True to persist cookies, false to use short-lived ones. Default is false.

On success, this will return a 201 Created status code with a Session resource in the body. Additionally, it will set the authentication cookies for the site.

Destroy the Current Session (Log Out)

To log out, you destroy the current session. To destroy the session, send a DELETE request to /sessions/v0/sessions/current. You need to include the REST API nonce for the current user as the _wpnonce parameter, just like any other authenticated endpoint.

On success, this will return a 200 OK status code with a JSON object containing the following properties in the body:

  • deleted (boolean): True on success.
  • previous (object): The Session resource that has just been destroyed.

Session Resource

The Session resource returned from these endpoints is a JSON object containing the following properties:

  • id (string): Session ID.
  • created (string): ISO8601 datetime representing the creation time of the session.
  • expiration (string): ISO8601 datetime representing the expiration time of the session.
  • ip (string): IP address registered for the session.
  • user_agent (string): User agent registered for the session.
  • nonce (string): Nonce for use with authenticated REST API endpoints.

Additionally, an author link is added pointing to the current user. This link is embeddable.

About

Log in and out of WordPress using the REST API.

Resources

Readme
Activity
Custom properties

Stars

18 stars

Watchers

26 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages