WordPress is a great CMS and is only gaining more traction. According to https://trends.builtwith.com/cms, WordPress is now 37% (at the time of this post) of all CMS on the public internet. That is impressive! You know what is not impressive? The lack of authentication standards WordPress supports natively.
The WordPress development community pushes back pretty hard when it comes to introducing new ideas that do not meet the needs of the majority of its user base. This is understandable in the sense that the community wants to keep the “bloat” down. Sometimes this pushback from the development team is a bit naive. A feature may not have traction now because of its low user base, yet it may still be a widely used standard. This is especially true in the enterprise world.
Ok, enough of that.
As mentioned above, WordPress seriously lacks support when it comes to authentication. Currently, the only natively supported authentication methods are cookie-based authentication and plain-text user credentials (using the XML-RPC API). With the JSON API, these authentication methods just do not work for what most developers need when expanding to a multi-device enterprise platform.
OpenID is “Open Identity” but this article will focus on OpenID Connect 1.0.
Wiki explains OpenID as:
OpenID is an open standard and decentralized authentication protocol. … Users create accounts by selecting an OpenID identity provider, and then use those accounts to sign onto any website which accepts OpenID authentication.
Ok, wait! This is OAuth. What is the difference? That’s a good question. The difference is the protocols used as well as the flow of authentication and authorization. Overall, the endgame is the same: a user can access one system using the account from a completely separate system.
OAuth is short for “Open Authorization” but this article will focus on OAuth2.
OAuth.net explains OAuth2 as:
OAuth 2.0 is the next evolution of the OAuth protocol which was originally created in late 2006. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification is being developed within the IETF OAuth WG.
LTI is short for “Learning Tools Interoperability”, which focuses on the secure exchange of information for LMSs and other educational tools (web and mobile applications, portals, content delivery systems, paywalls and much more). LTI is more of a client system connecting to an LMS, but if WordPress is the LMS, then LTI connections are what you are looking for.
We do have plans on writing our own LTI connector for WordPress in early 2017.
The overall goal of this article was to cover the many ways that WP OAuth Server can help you connect multiple platforms to any WordPress install.
WP OAuth Server offers or will offer all of the above options in the near future. If you are in need of an LTI Connector for WordPress, please contact me by submitting a form at https://wp-oauth.com/services/.