- [Instructor] Okay, JSO helps us get the token and store it in local storage in the browser. That means, if I'm in my application, I can log in, jump to Wordpress, get authenticated, come back into the browser, and then to get the editing capability to work, I need to click login again. The logic here is a little bit odd. We'll fix that in a second. The problem is, if I try to edit the title now, and then save the title, I get an error. That's because right now, even though I have the token, I'm not passing the token to Wordpress.
So, Wordpress is sitting at the other end going, "I see you're trying to edit things through the rest of API. "I don't know who you are, "so I'm not gonna let you do that." In the previous chapter, we solved this by sending a request header with an authorization token it it. And technically, we can do the same thing here. We can go into local storage, grab the token, and just the access token property, and then pass it in through an XHR request in the header and everything will be fine. That's really clunky. I want to show you something else, and this is what made me choose JSO as the solution I want to show you in this course.
Right now, the runAjax function, which is the function that tries to send a post request to Wordpress to change the database is just set up as a regular ajax call, so there's no authentication here at all. Check this out: I can now make the ajax call part of the JSO object and then JSO will handle the authentication for us. First, I grab JSO. This is not my JSO object that I set up at the top. This is the actual JSO object that sits inside JSO in the libraries here.
I'll use the method... enablejQuery. This enables a jQuery wrapper that literally wraps around jQuery in my function and adds a bunch of new capabilities to jQuery. Then I'll change the jQuery objet to a JSO object. So, I'm passing jso.ajax instead of jQuery.ajax. Nothing else happens here. I'm not passing any headers or doing anything weird. Save this... Go back in the browser, click edit title, save title, and it works.
If you don't trust me, just reload the page, re-request information from the database, and here you see "The Four Hours in Norway." I can edit the title again. Click "save title." A request is sent through the rest of API and is accepted by Wordpress. Hopefully, this is where you go from "I don't know, oauth 2 seems pretty tricky "compared to JWT" to "Oh! oauth 2 is actually "way simpler than JWT thanks to JSO." If that's the case, great! Come with me to the next movie and we'll solve all the logic problems in this page, and get everything to work properly.
- What is authentication and when do you need it?
- Cookie authentication
- Creating a plugin for front-end editing
- Adding the front-end editing functionality using jQuery
- Limiting front-end editing to authorized users
- What is JWT authentication?
- Adding editing capability using Ajax
- OAuth 2 authentication
- Configuring JSO
- Making login and log out states meaningful