WP API and OAuth - Using WordPress without WordPress

This tutorial demonstrates installing and using the WP-API with OAuth, a WordPress plugin providing REST-like API endpoints. Unauthenticated users can read content, while authenticated users (via OAuth or cookies) can write content. The process isn't intuitive, so this guide simplifies the setup, assuming basic terminal and Vagrant familiarity.

Key Concepts:

• The plugin uses REST-like endpoints for content access.
• The built-in WP-API exposes WordPress internals, allowing JSON retrieval (e.g., /wp-json/posts).
• OAuth1 handles authentication, requiring wp-cli for terminal commands. Note: WordPress uses the less efficient 3-legged OAuth flow.
• The tutorial shows how an external application authenticates with WordPress and submits a post via the API using Guzzle.

Installation:

Using a Homestead Improved instance:

<code class="language-bash">git clone https://github.com/swader/homestead_improved hi_wp_github
cd hi_wp_github
sed -i '' "s@map\: \.@map\: $PWD@g" Homestead.yaml</code>

Modify Homestead.yaml's sites block:

<code class="language-yaml">sites:
    - map: test.app
      to: /home/vagrant/Code/wptest</code>

(Ensure test.app is in your /etc/hosts file.)

Install WordPress:

<code class="language-bash">cd ~/Code
wget https://wordpress.org/latest.tar.gz
tar -xvzf latest.tar.gz
mv wordpress wptest
cd wptest
cp wp-config-sample.php wp-config.php</code>

Configure wp-config.php with database credentials. Access the site via your browser.

WP-API Setup:

Install the WP-API plugin (version 1.2.* or later) through the WordPress plugin manager. After installation, /wp-json/posts should return a JSON array of posts. However, content submission requires further steps.

OAuth Server Setup:

WordPress uses the outdated OAuth1. Install wp-cli:

<code class="language-bash">curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp</code>

Install the OAuth1 plugin:

<code class="language-bash">cd ~/Code/wptest
git clone https://github.com/WP-API/OAuth1 wp-content/plugins/oauth-server</code>

Activate the plugin and generate keys/secrets:

<code class="language-bash">wp oauth1 add</code>

This will output an ID, key, and secret for OAuth authentication. WordPress utilizes the less efficient 3-legged OAuth flow.

OAuth Client Setup:

Create a new project (submitter) in your VM, adding a new site to Homestead.yaml:

<code class="language-yaml">sites:
    - map: test.app
      to: /home/vagrant/Code/wptest
    - map: test2.app
      to: /home/vagrant/Code/submitter</code>

Re-provision the VM (vagrant provision). Create index.php, callback.php, and credentials.php in the submitter directory. Populate credentials.php with the keys from the previous step.

Install required Composer packages:

<code class="language-bash">composer require --dev symfony/var-dumper guzzlehttp/guzzle:~5 guzzlehttp/oauth-subscriber</code>

Modify the WordPress default-filters.php to allow redirects:

<code class="language-bash">git clone https://github.com/swader/homestead_improved hi_wp_github
cd hi_wp_github
sed -i '' "s@map\: \.@map\: $PWD@g" Homestead.yaml</code>

The following sections detail the index.php, callback.php, and makepost.php files for the 3-legged OAuth flow and API interaction. (Code omitted for brevity, refer to original input for complete code examples).

Conclusion:

This tutorial guides you through setting up WP-API with OAuth. While complex, this guide simplifies the process. Further improvements and refinements are possible.

The above is the detailed content of WP API and OAuth - Using WordPress without WordPress. For more information, please follow other related articles on the PHP Chinese website!