Your SlideShare is downloading. ×
  • Like
  • Save
WordPress Third Party Authentication
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

WordPress Third Party Authentication

  • 4,626 views
Published

 

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
4,626
On SlideShare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
0
Comments
0
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. 3rd Party WordPress Authentication: A Taster
  • 2. Business Decisions
    • Newspaper CMS with WordPress Blog Component
    • Enterprise Active Directory
    • Google/Facebook Integration
  • 3. I am not a crypto, but I did stay at a Holiday Inn Express Last Night!
  • 4. Authentication Tech
    • Single Factor - User/Pass
      • WordPress Default
      • Also, LDAP and Sometimes Active Directory
      • OpenID
    • Two Factor - Something you have, something you know
      • oAuth
      • Smart Card
  • 5. Two Approaches in WordPress!
    • Replace wp_authenticate() in wp-includes/pluggable.php in a plugin. Or....
    • Use hooks! (Best Option)
  • 6. This is all Hookable in WordPress!
  • 7. if ( !function_exists('wp_authenticate') ) : function wp_authenticate($username, $password) { $username = sanitize_user($username); $password = trim($password); $user = apply_filters('authenticate', null, $username, $password); if ( $user == null ) { // TODO what should the error message be? (Or would these even happen?) // Only needed if all authentication handlers fail to return anything. $user = new WP_Error('authentication_failed', __('<strong>ERROR</strong>: Invalid username or incorrect password.')); } $ignore_codes = array('empty_username', 'empty_password'); if (is_wp_error($user) && !in_array($user->get_error_code(), $ignore_codes) ) { do_action('wp_login_failed', $username); } return $user; } endif; endif; endif; endif; endif; endif; endif; endif; endif; endif; endif; endif; endif; endif; endif; endif; endif; endif; endif; endif; endif; endif;
  • 8. Using the authenticate filter
    • The authenticate hook is a multi-argument hook. You can pass more than one argument, but it can only return one!
    • In this case, if using a user/password authentication type, you can pass those:
      • add_filter(‘authenticate’, null, ‘myuser’, ‘mypass’);
      • Return WP_User object
    • Or... pass anything you want. Secret token for oAuth?
      • Username and Password CAN be null, or not set. Just return a WP_User object!
  • 9. OpenID Example
    • function wpb_authenticate( $openid_server, $openid_usr, $openid_pw){
    • if( !isset($openid_server) || !isset( $openid_usr) || !isset($openid_pw) {
    • return new WP_Error(‘invalid’, ‘Invalid OpenID Creds’);
    • } $wp_user = wpb_request_openid_auth(
        • $openid_server,
        • $openid_usr,
        • $openid_pw
        • ); return $wp_user; // Valid WP_User object or WP_Error object}
    • remove_action('authenticate', 'wp_authenticate_username_password', 20);
    • add_filter( ‘authenticate’, ‘wpb_authenticate’, 30, 3 );
    • add_filter( ‘authenticate’, ‘wpb_authenticate’, 30, 3 );
  • 10. This is also replaceable Old Skool Style!
  • 11. Pluggable Functions
    • All functions in wp-includes/pluggable.php are replaceable by plugins
    • This is NOT the recommended way of doing business but when all else fails...
    • Key Auth functions:
      • wp_authenticate()
      • wp_check_password()
      • wp_clear_auth_cookie(), wp_generate_auth_cookie(), wp_validate_auth_cookie(), wp_set_auth_cookie()
  • 12. Resources
    • Will Norris on the authenticate hook and oAuth - http://willnorris.com/2009/03/authentication-in-wordpress-28
    • WordPress Codex, Pluggable Functions http://codex.wordpress.org/Pluggable_Functions
    • WordPress Codex, WP_Error object http://codex.wordpress.org/Function_Reference/WP_Error
    • John Kolbert on using the authenticate hook http://www.johnkolbert.com/wordpress/how-to-add-your-own-authentication-criteria/
  • 13. Thank You!
    • Aaron Brazell
    • Email: [email_address]
    • Biz: WP Engine, http://wpengine.com
    • Twitter: @technosailor
    • Book: WordPress Bible - 2E is out! Order on Amazon http://amzn.to/wpbible2