Question 30878 in Wordpress Question posted in
The official Wordpress documentation can be found here.

Connect / Login WordPress Hosted Website or Blog with NodeJs

I am trying to make A NodeJs CLI by which I can login in hosted WordPress account using NodeJs so I used Passport-WordPress.

I wrote a code but I don’t know what to do next and how to check if I am login to the WordPress or not.

this my wordpress hosted Website

Here is my code

Index.js

const inquirer = require("inquirer");
const passport = require("passport");

const WordPressStrategy = require("passport-wordpress").Strategy;

function wordpress() {
  inquirer
    .prompt([
      {
        name: "wpWebsite",
        message: " Enter Your Website or Blog:",
      },
      {
        name: "wpUserName",
        message: " Enter UserName or Email: ",
      },
      {
        type: "password",
        name: "wpPassword",
        message: " Enter Password: ",
      },
    ])
    .then((answers, cb) => {
      passport.use(
        new WordPressStrategy(
          {
            clientID: answers.wpUserName,
            clientSecret: answers.wpPassword,
            callbackURL: `https://example.com/auth/wordpress/callback`,
          },
          function (accessToken, refreshToken, profile, done) {
            console.log(done);
          }
        )
      );
    });
}

anyone have any idea am I doing correct or not ?

I have Few question here such as

  1. What is accessToken here?
  2. What is refreshToken here?
  3. What is profile? Is the profile is same as email id or username?
  4. what is callbackUrl? Do I have to put my website URL ?
Tags:

2

Answers


  1. 0

    Creating a CLI to do this is going to be problematic due to the need for a callback. Essentially, you are providing authorization credentials and WordPress is going to post your token back to the callback URL, which means you will need to have a web server running to receive that information.

    Not saying it could not be done, but there will be many more moving parts to the solution.

    Login or Signup to reply.
  2. 0

    A little context to prevent confusion for anyone coming to this answer from a link: WordPress is the software that runs your site (if you’re using WordPress that is) and has a website with documentation at WordPress.org. WordPress.com is a website for hosting WordPress sites. They both have their own documentation and APIs, and this answer talks about both but tries to explicitly state which one we’re talking about at any point. Now, on to the answer.

    Passport uses OAuth to connect to WordPress. OAuth is a particularly unusual way to connect to a service in a CLI application, so if your goal is to interact with WordPress from a CLI interface, you may want to look at WP CLI (which may not be available for wordpress.com hosted sites) and the WordPress REST API for managing individual sites — depending on your goal that might do everything you need without having to create your own CLI application. There is also the WordPress.com REST API which is geared more toward managing your account on WordPress.com but also includes features for managing users, posts, comments, etc of individual sites under a WordPress.com account. If you have a site hosted somewhere other than WordPress.com, then the WordPress.com API is not what you’re looking for.

    To answer a few of your questions above, and clear up some confusion:

    • Client ID and Client Secret are not username and password. They are part of the OAuth specification. Generally you will set these up for a specific application you are creating. Sometimes a web application may ask you to generate a client ID and Secret for a certain site or service that it is designed to work with
    • accessToken is part of the OAuth standard, and is used by your application to prove it is allowed access on behalf of the user.
    • refreshToken is also part of the OAuth standard, but may not always be provided. It is used to get a new accessToken without the user’s interaction if the accessToken expires
    • profile is a standardized representation of a user profile on the authentication provider used with OAuth. This is described in greater detail on the Passport documentation, but in short, it’s an object that has fields such as id and displayName that may be needed by the application using the OAuth provider. profile.id might be the same as user email, or it might be some completely different ID, such as their twitter handle. It all depends on the particular OAuth provider you’re working with.
    • callbackURL is the URL that the OAuth provider will redirect to after the user authenticates. This behavior really only makes sense in the context of a web browser. It also assumes that your application will be ready to receive web traffic from the newly authenticated users at that URL and will handle the above tokens in order to confirm they are authenticated. That means you need to have a webserver running to receive the traffic, and have it somehow communicating with your CLI application.

    If you’re just trying to build a CLI application to manage WordPress sites, consider the links at the top of this answer. If you’re trying to provide some other service but allow users to login and establish some form of identity using WordPress, then perhaps Passport still makes sense, but doing that in a CLI environment is a bit unusual and will likely be unnecessarily difficult. If you’re trying to do something else, add a comment or edit your question clarifying that and I’ll update this answer accordingly.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search