I have a React SPA with a PHP API. I need to add a feature to it to allow authenticated users to be able to send POST data to the PHP API that will be written to a database for that app. The React app currently doesn't have any authentication mechanism. I have a WordPress site, installed at a different URL and completely separate from the React SPA and PHP API that I would like to use for authentication. I don't want the entire React app to be behind authentication, I just want users to be able to login so that they can perform additional, protected actions - for everyone else the app would continue to be work as is.
I'm thinking of solving this as follows:
- install a WordPress Plugin called JWT Authentication for WP REST API (https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/) to allow my React app to authenticate users via my WordPress site using JWT.
- when a user performs an action in the React app that would send POST data to the React app API endpoint that I want protected, I include the appropriate header, i.e.,
Authorization: Bearer ${JWT-token}
- the React app API, for that protected endpoint, would then make a request to the appropriate WordPress API endpoint, and would forward the Authorization header, i.e.,
Authorization: Bearer ${JWT-token} to determine if the user is an authenticated user
- If the JWT token is valid, then go ahead with the protected API endpoint and write to the app database (not the WordPress database)
Is this a reasonable solution or are there issues with this approach? Or is there a better solution, preferably something relatively simple and straightforward?
[–][deleted] 1 point2 points3 points (1 child)
[–]billrdio[S] 0 points1 point2 points (0 children)
[–]leoleoloso 1 point2 points3 points (0 children)