https://github.com/humanmade/rest-sessions
Log in and out of WordPress using the REST API.
- Host: GitHub
- URL: https://github.com/humanmade/rest-sessions
- Owner: humanmade
- Created: 2018-02-06T07:54:32.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2025-02-20T16:41:58.000Z (over 1 year ago)
- Last Synced: 2025-06-30T16:14:53.884Z (about 1 year ago)
- Language: PHP
- Homepage:
- Size: 13.7 KB
- Stars: 18
- Watchers: 25
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# REST Sessions
Log in and out with cookie authentication.
A Human Made project. Maintained by @rmccue.
Working on a REST API-powered theme, and want to include a login form? You need REST Sessions.
## Installation
Activate this plugin.
To use the API endpoints, you need to pass them a login nonce. You can get this nonce in PHP by calling `REST_Sessions\Session_Controller::get_nonce()`.
## Usage
Rather than explicitly logging in or out, the endpoints used by this plugin create or destroy sessions. These are the real session objects used under the hood by WordPress, and this fits better with the resource-based paradigm used by REST.
### Create a Session (Log In)
To log in, you create a session. To create a session, send a `POST` request to `/sessions/v0/sessions`. You need to include the following parameters (preferably in a JSON body):
* `username` (string): User-supplied username.
* `password` (string): User-supplied password.
* `auth_nonce` (string): Nonce generated by the backend.
* `remember` (boolean): True to persist cookies, false to use short-lived ones. Default is `false`.
On success, this will return a 201 Created status code with a Session resource in the body. Additionally, it will set the authentication cookies for the site.
### Destroy the Current Session (Log Out)
To log out, you destroy the current session. To destroy the session, send a `DELETE` request to `/sessions/v0/sessions/current`. You need to include the REST API nonce for the current user as the `_wpnonce` parameter, just like any other authenticated endpoint.
On success, this will return a 200 OK status code with a JSON object containing the following properties in the body:
* `deleted` (boolean): True on success.
* `previous` (object): The Session resource that has just been destroyed.
### Session Resource
The Session resource returned from these endpoints is a JSON object containing the following properties:
* `id` (string): Session ID.
* `created` (string): ISO8601 datetime representing the creation time of the session.
* `expiration` (string): ISO8601 datetime representing the expiration time of the session.
* `ip` (string): IP address registered for the session.
* `user_agent` (string): User agent registered for the session.
* `nonce` (string): Nonce for use with authenticated REST API endpoints.
Additionally, an `author` link is added pointing to the current user. This link is embeddable.