I need the following, but I don't know if it's even possible. A Wordpress site is using an API endpoint for logging in users from our Laravel project. All working fine, using Passport for this. The API will return an access token for future API calls coming from Wordpress.
Now my customer asked me if it's possible to let the users be logged in the Laravel app too when they logged in via the API request. So when the user browses from Wordpress, they don't have to login into the Laravel app anymore. Does anyone have any experience with this?
An API is stateless. Retrieving a token from an API shouldn’t then be creating state (a session) on that server.
Instead, you can use the appropriate OAuth grant type. If your customer wants the user to be logged in then you should use the typical authorization code flow. The user will be redirected to the API server to log in with their account on that server. When they log in, they’ll then be redirected back to your WordPress site with an authorization code and your WordPress site can then use that code to get an access token for that user. The user will also be logged in on the other server because they would have had to log in to authorize the request.
