Another edge case of the WordPress auth flow, but quite a common one, is the automatic registration and login of a new user during the WooCommerce checkout.
Once this option is active:
Users only need to provide an email and place the order:
Then, once the order is finished, users are automatically logged in and can see their order, downloads and so on:
They also receive an additional email with their new account and password:
This would obviously get out of the scope of the OAuth 2 auth method but, as the final token is likely to be a JWT, I wonder if a function could be exposed so other plugins can generate the JWT themselves.
If that's the case, the Headless WooCommerce could work like this:
1. User places an order in the Headless frontend. Data is sent to some `new-order` endpoint.
2. WooCommerce receives the order via the `new-order` endpoint, creates the user, generates the JWT (using the exposed function) and returns everything in the response.
3. Headless frontend receives the JWT and the user is logged in.
What I don't know is if exposing such a function would mean a security risk. Any thoughts?
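
The flow described in the post above, as an added example that is not part of the original post and is not code from WordPress, WooCommerce or any plugin: a minting function whose only input is a user id, so a caller cannot pick claims, audience or lifetime, paired with the verification the API side would run. It uses plain PHP only; the function names, the HS256 choice, the audience string, the 15-minute lifetime and the key are all assumptions made for illustration.

```php
<?php
// Added example: plain PHP only, no WordPress or plugin APIs. The names
// mint_login_jwt, verify_login_jwt and DEMO_SECRET are hypothetical.
const DEMO_SECRET = 'constructed-demo-secret'; // constructed sample key
const AUDIENCE = 'headless-frontend';          // assumed audience value
const TTL = 900;                               // assumed 15-minute lifetime

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Minting takes only a user id: a calling plugin cannot choose claims,
// audience or lifetime.
function mint_login_jwt(int $userId, int $now): string {
    if ($userId <= 0) {
        throw new InvalidArgumentException('user id must be positive');
    }
    $header = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $claims = b64url(json_encode([
        'sub' => $userId, 'aud' => AUDIENCE, 'iat' => $now, 'exp' => $now + TTL,
    ]));
    $sig = b64url(hash_hmac('sha256', "$header.$claims", DEMO_SECRET, true));
    return "$header.$claims.$sig";
}

// Returns the user id for a valid token, else null. HS256 is fixed here;
// the token's own "alg" header is never used to select an algorithm.
function verify_login_jwt(string $jwt, int $now): ?int {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$header, $claims, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', "$header.$claims", DEMO_SECRET, true));
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $data = json_decode(base64_decode(strtr($claims, '-_', '+/')), true);
    if (!is_array($data) || ($data['aud'] ?? null) !== AUDIENCE
        || !is_int($data['exp'] ?? null) || $data['exp'] <= $now) {
        return null;
    }
    return is_int($data['sub'] ?? null) ? $data['sub'] : null;
}

// Constructed flow: the order handler has just created user 42.
$now = time();
$token = mint_login_jwt(42, $now);
var_dump(verify_login_jwt($token, $now));         // fresh token
var_dump(verify_login_jwt($token . 'x', $now));   // altered signature
var_dump(verify_login_jwt($token, $now + TTL));   // checked at expiry time
```

Plugins share one PHP process, so a narrow signature like this limits what a caller can ask for but does not isolate the signing key from other code running in that process.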