You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Another edgy case of WordPress auth flow, but quite common, is the automatic register and login of a new user during the WooCommerce checkout.
Once this option is active:
Users only need to provide an email and place the order:
Then, once the order is finished users are automatically logged in, and can see their order, downloads and so on:
They also receive an additional email with their new account and password:
This would obviously get out of the scope of the OAuth 2 auth method but, as the final token is likely to be a JWT, I wonder if a function could be exposed so other plugins can generate the JWT themselves.
If that's the case, the Headless WooCommerce could work like this:
User places an order in the Headless frontend. Data is sent to some new-order endpoint.
WooCommerce receives order via the new-order endpoint, creates the user, generates the JWT (using the exposed function) and returns everything in the response.
Headless frontend receives the JWT and the user is logged in.
What I don't know is if exposing such a function would mean a security risk. Any thoughts?
The text was updated successfully, but these errors were encountered:
Another edgy case of WordPress auth flow, but quite common, is the automatic register and login of a new user during the WooCommerce checkout.
Once this option is active:
Users only need to provide an email and place the order:
Then, once the order is finished users are automatically logged in, and can see their order, downloads and so on:
They also receive an additional email with their new account and password:
This would obviously get out of the scope of the OAuth 2 auth method but, as the final token is likely to be a JWT, I wonder if a function could be exposed so other plugins can generate the JWT themselves.
If that's the case, the Headless WooCommerce could work like this:
new-orderendpoint.new-orderendpoint, creates the user, generates the JWT (using the exposed function) and returns everything in the response.What I don't know is if exposing such a function would mean a security risk. Any thoughts?
The text was updated successfully, but these errors were encountered: