-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Kevin Hoffman edited this page May 8, 2018
·
8 revisions
The WP Business Reviews Server plugin provides authentication for platforms in the WP Business Reviews Client plugin. At this time, Facebook (OAuth2) is the only platform that requires server-side authentication. Other platforms are able to authenticate within the Client plugin.
- WP Business Reviews Client plugin - Many instances hosted on users' WordPress sites.
-
WP Business Reviews Server plugin - One instance hosted on
wpbusinessreviews.com. Client plugin users authenticate through the Server plugin.
- User initiates Facebook OAuth2 authentication by clicking
Connect to Facebookwithin the WP Business Reviews Client plugin settings screen. - The Server plugin receives the request at
https://wpbusinessreviews.com/facebook-token/request/and redirects the user to Facebook. The URL of the Client plugin settings screen is encoded in the URL so that the user can ultimately be redirected back to their site. - If the user is not logged in, they will be asked to log in to Facebook.
- If the user has not given the app permissions, they will be asked for permissions.
- After confirming permissions, Facebook redirects the user to
https://wpbusinessreviews.com/facebook-token/response/where a long-lived user access token is generated (expires after 60 days). - The user access token populates a hidden form field and is sent back to the Client plugin using
POSTmethod. - The Client plugin stores the user access token in the WordPress database.
- The Client plugin uses the user access token to generate permanent page access tokens, which are also stored in the WordPress database.