Authentication Overview
ASAP Digest provides several authentication mechanisms that secure access to resources while keeping the user experience seamless.
Authentication Methods
Server-to-Server Auto Login (V6)
Our primary authentication mechanism is server-to-server auto login: a user who already holds an active WordPress login session is authenticated automatically when they visit the SvelteKit application, without a separate sign-in step. It is built from two endpoints:
WordPress Session Check
A SvelteKit server endpoint that asks WordPress, server to server, whether the visitor has an active WordPress session.
Active Sessions API
A WordPress endpoint that returns the currently active user sessions to the SvelteKit server.
Key Features
- No Cookie Dependency: Unlike previous versions, V6 does not depend on a browser cookie being readable by both the WordPress and SvelteKit origins, which removes the cross-domain cookie issues of earlier versions.
- Secure Secret Sharing: The SvelteKit server authenticates to the WordPress endpoint with a shared secret known only to the two servers; the secret is never sent to the browser.
- Role-Based Access: Configure which WordPress roles are allowed to trigger auto-login; sessions belonging to other roles are ignored.
- Detailed Logging: Comprehensive logging for debugging and monitoring.
Sequence Diagram
Implementation Guide
For detailed implementation instructions, refer to:
Security Considerations
In production environments, we recommend:
- Using HTTPS for all communication between the SvelteKit server and WordPress, so the shared secret, request signatures and session data are never sent in clear text
- Implementing rate limiting on the session check and Active Sessions endpoints
- Configuring IP restrictions so the WordPress endpoints accept requests only from the SvelteKit server's addresses
- Regularly rotating the shared secret, with a short overlap during which both the old and the new secret are accepted so the two servers do not have to switch at the same instant