WP API and OAuth - Using WordPress without WordPress

This tutorial demonstrates installing and using the WP-API with OAuth, a WordPress plugin providing REST-like API endpoints. Unauthenticated users can read content, while authenticated users (via OAuth or cookies) can write content. The process isn't intuitive, so this guide simplifies the setup, assuming basic terminal and Vagrant familiarity.

Key Concepts:

• The plugin uses REST-like endpoints for content access.
• The built-in WP-API exposes WordPress internals, allowing JSON retrieval (e.g., /wp-json/posts).
• OAuth1 handles authentication, requiring wp-cli for terminal commands. Note: WordPress uses the less efficient 3-legged OAuth flow.
• The tutorial shows how an external application authenticates with WordPress and submits a post via the API using Guzzle.

Installation:

Using a Homestead Improved instance:

git clone https://github.com/swader/homestead_improved hi_wp_github
cd hi_wp_github
sed -i '' "s@map\: \.@map\: $PWD@g" Homestead.yaml

Modify Homestead.yaml's sites block:

sites:
    - map: test.app
      to: /home/vagrant/Code/wptest

(Ensure test.app is in your /etc/hosts file.)

Install WordPress:

cd ~/Code
wget https://wordpress.org/latest.tar.gz
tar -xvzf latest.tar.gz
mv wordpress wptest
cd wptest
cp wp-config-sample.php wp-config.php

Configure wp-config.php with database credentials. Access the site via your browser.

WP-API Setup:

Install the WP-API plugin (version 1.2.* or later) through the WordPress plugin manager. After installation, /wp-json/posts should return a JSON array of posts. However, content submission requires further steps.

OAuth Server Setup:

WordPress uses the outdated OAuth1. Install wp-cli:

curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp

Install the OAuth1 plugin:

cd ~/Code/wptest
git clone https://github.com/WP-API/OAuth1 wp-content/plugins/oauth-server

Activate the plugin and generate keys/secrets:

wp oauth1 add

This will output an ID, key, and secret for OAuth authentication. WordPress utilizes the less efficient 3-legged OAuth flow.

OAuth Client Setup:

Create a new project (submitter) in your VM, adding a new site to Homestead.yaml:

sites:
    - map: test.app
      to: /home/vagrant/Code/wptest
    - map: test2.app
      to: /home/vagrant/Code/submitter

Re-provision the VM (vagrant provision). Create index.php, callback.php, and credentials.php in the submitter directory. Populate credentials.php with the keys from the previous step.

Install required Composer packages:

composer require --dev symfony/var-dumper guzzlehttp/guzzle:~5 guzzlehttp/oauth-subscriber

Modify the WordPress default-filters.php to allow redirects:

git clone https://github.com/swader/homestead_improved hi_wp_github
cd hi_wp_github
sed -i '' "s@map\: \.@map\: $PWD@g" Homestead.yaml

The following sections detail the index.php, callback.php, and makepost.php files for the 3-legged OAuth flow and API interaction. (Code omitted for brevity, refer to original input for complete code examples).

Conclusion:

This tutorial guides you through setting up WP-API with OAuth. While complex, this guide simplifies the process. Further improvements and refinements are possible.

The above is the detailed content of WP API and OAuth - Using WordPress without WordPress. For more information, please follow other related articles on the PHP Chinese website!