Be Devious

Friendly, helpful, personal web services. Seriously.

Password Reset via the WordPress REST API

September 6, 2020 by Dominic Vermeulen-Smith

The WordPress REST API is a fantastic tool that has transformed the way developers can use WordPress and introduced a huge number of possibilities. One of the possible use cases is using WordPress as a back end for apps, whether they are progressive web applications, single page applications, mobile apps or even desktop apps.

This is often referred to as “Headless WordPress”, the head referring to the front end of the site, or even the admin area, as it means you just use what is under the hood. You can then use whatever your favourite front end framework is for a site or app.

A simple use of the API could be to load publicly available blog posts. But if you need to go further than this and your users need to be logged in to WordPress via a non-WordPress interface, you will need to add some extra tools or plugins to help manage this. There are a few options for registering and logging in, but that’s not what this post is about.

Specifically here we’re looking at methods of resetting a user’s password.

Password Reset – why does it need special attention?

If you consider the normal password reset process in WordPress, a user will:

  • Click the forgotten password link
  • Receive an email with a unique link to the password reset screen
  • Follow the link back to the WordPress website
  • Set a new password
  • Login

There’s an issue with this process when using an alternative front end, since you won’t want users redirected back to your WordPress install. This will take them out of the flow of your app, and then, how do you get them back to the app again? This is especially an issue for mobile apps: while you can set up deep links for your app to open based on a URL, the setup is quite involved, especially since it’s different for each platform.

All these considerations aside, let’s take a look at our options.

WP REST User Plugin

WP REST User

This plugin offers the ability to create users and reset their passwords. The main drawback for the password reset is what is explained above, since it will trigger the normal WordPress password reset email, as if the user had requested a password reset. If this isn’t an issue for you, this plugin works well. If it is, you’ll need to figure out how to get the user back into your flow.

Create a Custom Password Reset Process

After not getting what we needed from WP REST User Plugin, we initially coded our own custom solution which involved the following:

  • Creating a new REST Endpoint for a password reset
  • Sending a new custom email with a link back to our web app with a custom code parameter in the URL
  • Creating a new REST Endpoint to set a new password, ensuring that we validated the code that came with the request

This worked fine for browser-based apps but fell short for mobile apps. Since we had no other case to use deep links for our app, the amount of work required to implement it seemed disproportionately high.

It was this scenario that inspired the development of…

Password Reset with Code for WordPress REST API

So yes, this is our plugin. When the previous process fell short, we took a step back and thought – what other password reset processes are there? One that jumped out as being simple to implement was the sending of a 4-digit code via email that the user could enter into an app. This code would then be sent with the reset request and validated when setting a new password.

At present, there are many action hooks and filters in the plugin to customise the experience for your app, but there’s scope to take this further. Codes could be sent via SMS, or we could make use of an authenticator app like Google Auth.
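
Both the custom flow's code parameter and the emailed 4-digit code come down to the same server-side check when the new password is set. The sketch below is an added example in Python, not code from the plugin or the original post; the 15-minute lifetime, three-attempt limit, keyed-digest storage and all names are assumptions, chosen because a 4-digit code has only 10,000 possible values.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60  # assumed lifetime of an emailed code
MAX_ATTEMPTS = 3            # assumed limit: 4 digits give only 10,000 values


class ResetCodeStore:
    """In-memory stand-in for per-user storage such as WordPress user meta."""

    def __init__(self, secret, clock=time.time):
        self._secret = secret   # server-side key, never sent to the client
        self._clock = clock     # injectable so expiry can be tested
        self._pending = {}      # email -> {"mac", "expires", "attempts"}

    def _mac(self, email, code):
        # Store a keyed digest bound to the account, not the code itself.
        msg = f"{email}:{code}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).digest()

    def issue(self, email):
        """Create a code, replacing any earlier one; the caller emails it."""
        code = f"{secrets.randbelow(10_000):04d}"
        self._pending[email] = {
            "mac": self._mac(email, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def redeem(self, email, code):
        """Return True once for a valid code; the caller then sets the password."""
        entry = self._pending.get(email)
        if entry is None:
            return False
        if self._clock() >= entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[email]  # expired or guessed too often: burn it
            return False
        entry["attempts"] += 1
        if not hmac.compare_digest(entry["mac"], self._mac(email, code)):
            return False
        del self._pending[email]      # single use
        return True
```

In a REST endpoint, the set-password handler would run the equivalent of `redeem` before changing the password and return the same error for a wrong code and an unknown account.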

Roundup

As we know, the password reset process requires a little extra thought when using the WordPress REST API. But we do have a couple of good options available.

Using another method for password resets? Use the comments to share your experience.
