[wp-hackers] Querying OAuth protected service during 'wp_login'

fkooman at tuxed.net
Tue Dec 4 16:13:28 UTC 2012


Hi,

I'm trying to create a plugin "voot-role" that needs to query a remote
OAuth (2.0) protected resource server to determine the role the user
that logged in will get at the blog. The plugin gets triggered on the
'wp_login' action to obtain an access token (if none is available yet)
and query the service to determine the role. This all works great, but
so far I'm unable to figure out the best way to deal with the login
when no OAuth access token is available yet. When the user logs in and
an access_token is available all is fine.

So the flow:

1. wp_login registered action gets triggered
2. plugin uses OAuth client API to check if OAuth token is available
3a. yes: use access token to query OAuth RS
3b. no: <do OAuth stuff which obtains access token at remote OAuth
authorization server where it gets redirected to and redirect back to
WordPress after success>

The problem now is that in step 3b when the user is redirected back to
WordPress, the user is already logged in and thus the wp_login action
is not triggered again (if the user logs out and in again path 3a is
followed, so all is fine). I was looking into using the
'auth_cookie_valid' action, but this action is triggered all the time
(even multiple times per page load it seems) so it is not so smart to
hook into this action with the plugin (for efficiency reasons, it
would query the remote service every time, and I only want this on
wp_login, the role is not updated that often).

Is there a better way to do this? Store a key/value in the session
cookie to trigger obtaining the role from the server right after the
redirect and unset this key/value after doing this?

The code I'm working on:
https://github.com/fkooman/wordpress-voot-role-plugin/blob/external_client/voot-roles.php

Thanks in advance!

Regards,
François
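
The one-shot flag proposed in the message, shown as an added example that is not code from the post or from the voot-role plugin: it keeps the flag in user meta rather than in the cookie, checks it on `init`, and passes the remote answer through an allow-list before calling `set_role()`. All `voot_example_*` names, the meta keys, the remote role names, the `rs.example.org` URL and the `{"role": "..."}` response shape are assumptions.

```php
<?php
// Added example; voot_example_* names, meta keys, role names, URL and JSON shape are assumptions.
const VOOT_EXAMPLE_PENDING = 'voot_example_role_pending';
const VOOT_EXAMPLE_ALLOWED = array( 'member' => 'subscriber', 'manager' => 'editor' );
// Hypothetical stand-in for the OAuth client API: stored access token or null.
function voot_example_get_token( $user_id ) {
    $token = get_user_meta( $user_id, 'voot_example_access_token', true );
    return $token ? $token : null;
}

// Query the resource server and apply only allow-listed roles.
function voot_example_apply_role( WP_User $user, $token ) {
    $res = wp_remote_get( 'https://rs.example.org/role', array(
        'timeout' => 5,
        'headers' => array( 'Authorization' => 'Bearer ' . $token ),
    ) );
    if ( is_wp_error( $res ) || 200 !== wp_remote_retrieve_response_code( $res ) ) {
        return false; // fail closed: keep the current role
    }
    $data   = json_decode( wp_remote_retrieve_body( $res ), true );
    $remote = ( is_array( $data ) && isset( $data['role'] ) && is_string( $data['role'] ) ) ? $data['role'] : '';
    if ( ! array_key_exists( $remote, VOOT_EXAMPLE_ALLOWED ) ) {
        return false; // unknown role names never reach set_role()
    }
    $user->set_role( VOOT_EXAMPLE_ALLOWED[ $remote ] );
    return true;
}
add_action( 'wp_login', function ( $user_login, $user ) {
    $token = voot_example_get_token( $user->ID );
    if ( null !== $token ) {
        voot_example_apply_role( $user, $token ); // step 3a
        return;
    }
    update_user_meta( $user->ID, VOOT_EXAMPLE_PENDING, 1 ); // step 3b: remember the lookup is owed
    // The OAuth client redirects to the authorization server from here.
}, 10, 2 );

add_action( 'init', function () {
    $user = wp_get_current_user();
    if ( ! $user->exists() || ! get_user_meta( $user->ID, VOOT_EXAMPLE_PENDING, true ) ) {
        return; // usual case: no remote call
    }
    $token = voot_example_get_token( $user->ID );
    if ( null === $token ) {
        return; // authorization not finished; keep the flag
    }
    delete_user_meta( $user->ID, VOOT_EXAMPLE_PENDING ); // clear first so it runs once
    voot_example_apply_role( $user, $token );
} );
```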

