[wp-hackers] Querying OAuth protected service during 'wp_login'

John Blackbourn johnbillion+wp at gmail.com
Tue Dec 4 16:20:38 UTC 2012

On 4 December 2012 16:13, fkooman at tuxed.net <fkooman at tuxed.net> wrote:
> The problem now is that in step 3b when the user is redirected back to
> Wordpress, the user is already logged in and thus the wp_login action
> is not triggered again (if the user logs out and in again path 3a is
> followed, so all is fine). I was looking into using the
> 'auth_cookie_valid' action, but this action is triggered all the time
> (even multiple times per page load it seems) so it is not so smart to
> hook into this action with the plugin (for efficiency reasons, it
> would query the remote service every time, and I only want this on
> wp_login, the role is not updated that often).
> Is there a better way to do this? Store a key/value in the session
> cookie to trigger obtaining the role from the server right after the
> redirect and unset this key/value after doing this?

You could hook into the 'check_password' filter instead and do your
oAuth request there if the username/password combo is correct. If your
oAuth request fails you can them return false (and maybe also a
wp_error object, you'll need to check) and the user won't get logged
in. Then you should be able to hook into the 'login_errors' or
'login_messages' filters to display an appropriate message.

Hope this helps!


More information about the wp-hackers mailing list