Correct way to check if user is logged in and perform a ".me()" request

[joneslloyd]

Hi there,

Just wanted to check/confirm:

Is there a way, whilst only using wpapi, to check whether the wp.users().me() request can be performed?

If the user is not logged in, but a call to wp.users().me() is made, then the response is 403, but I'd like to be able to check if the user is logged in before making the wp.users().me() call.

Currently I'm wrapping the call in this:

if (document.body.classList.contains('logged-in')) {
  //Make call
}

But it seems like an awful way to do it..!

Any advice on this would be great :+1:

[kadamwhite]

Hey @joneslloyd, thanks for using this library and thanks for the interesting question. Unfortunately what you're asking is a little out of scope for this project itself; how you maintain authentication credentials is an application-level concern that is outside of the domain of this library (which focuses on the query building and transport). Additionally, since authentication is technically re-upped on every request, there is not necessarily the sense of "being authenticated" with the REST API at all, and instead you can only be in possession of valid credentials that can be used to authenticate the next request.

However, some general thoughts:

• In a server-side or mobile application you likely have a session or data store of some kind; just add a authenticated: true property to it when you first successfully authenticate with the remote WordPress site, and you should be able to refer back to that value
• If you are in a client-side application you can check for the presence of (and, if you saved it when you loaded the page, the age of) the nonce value that you are using for authentication. The presence of this nonce and of the WP login cookie can be used to establish whether you expect an authenticated request to succeed.
• Additionally for client side applications, you could add some PHP to render out a JS block in the footer to add a global to give you the information you want without relying on brittle class names:

  <?php
  function() {
  echo '<script>window.MYPLUGIN_LOGGED_IN = ';
  echo is_user_logged_in() ? 'true;' : 'false;';
  echo '</script>';
  }
  add_action( 'wp_footer', 'yourplugin_js_logged_in_flag', 100 );

  Then in your JS code, just check for window.MYPLUGIN_LOGGED_IN (or whatever name you give the flag).

[joneslloyd]

Hey @kadamwhite, thanks for getting back to me!

I was more just wondering if there was a built-in way to 'gracefully' check if a request (in this instance wp.users().me()) was not possible, rather than getting the error.

But the solution you've posted here will work for me (the PHP-based JS variable one).

Thanks a lot!

[kadamwhite]

Glad to hear it helps, happy coding!

[Barath-prakash]

@kadamwhite wp.users().me() is only for admin. what the way to login as a user or client??? Give me some idea!!!

[kadamwhite]

@Barath-prakash Please see http://wp-api.org/node-wpapi/authentication/

[Barath-prakash]

@kadamwhite I'm referring to official node-wpapi javascript client library for official (4.7+) REST APIs. Here the doc: http://wp-api.org/node-wpapi/authentication/#cookie-authentication

I'm reading the Cookie Authentication paragraph, but I'm not in this situation.

I'm trying to build a Single Page App, so I need to register/login/logout the user using REST API. I don't need to use node-wpapi, I could use any other library to call the API endpoints.

But my problem is I'm not able to understand what must I call to log an user in and what must I save to handle the other api calls where user need to be logged in (to create a post, for example).

[kadamwhite]

@barath-prakash This repository is only for support for the node-wpapi library, so the support forums might have been a better place for that inquiry :) but I work on both projects so I can answer.

You cannot log somebody in with the REST API; that’s not how it works and not what it is intended to do.

What you can do is use a plugin like https://GitHub.com/wp-api/oauth2 to allow somebody to log in to WordPress in such a way that you can save a unique token, then use that token for future requests using an OAuth 2 library.

Alternatively you may ask your users for their username and password and then use the basic authentication plugin linked from the auth documentation I provided earlier, but this should only be done over HTTPS for security. In general OAuth is preferable.

Good luck with your application

[Barath-prakash]

@kadamwhite We are using react as a front-end and back-end is wordpress with node-wpapi integration. In this case, can we login as a user or client (not as admin) from our front-end react application that like wordpress site login does???

[kadamwhite]

@barath-prakash I’m sorry but I cannot provide any more information than I already have. If your React code is running in a WordPress theme or plugin, direct users to log in normally and use cookie authentication. If your code is running on a separate server from WordPress, investigate the OAuth link I provided.

Because it is not central to the purpose and scope of this library I will be unable to provide more assistance than this. If you find this library does not meet your needs then it may not be the proper tool. Best wishes for success on your project.

[Barath-prakash]

Okay.... Thank you so much @kadamwhite

[Barath-prakash]

@kadamwhite Kindly give me the information about get the menu list in appearance section?

[kadamwhite]

@barath-prakash Menus are not available through the REST API yet. I’m going to have to ask you to please stop using these issues for support requests; I’m glad you’re using the API and that you tried this library, but GitHub issues are not an appropriate place for the sorts of general questions you have been raising. Please use the WordPress.org support forums.