How to Create SSO between InvoicePlane & WordPress Site

Hi everyone, I’m new to this community and I loved InvoicePlane so much.

My Case:
A. I was thinking of synchronizing my InvoicePlane site’s users with my WordPress users. (Only a specific Role’s users if possible).
B. When I log-in to WordPress site the same synced account on InvoicePlane site login as well (user ID & Taken as I know): this means the user’s account’s data on InvoicePlane will be loaded.
C. When a user logout, he log-out as well from Wordpress.

My plan is to add InvoicePlane as a cloud services on my websites (everything related to Coryrights had been carried out), so when I sell a subscription the user will create an account on WordPress in mean while a user on InvoicePlane will be created: so when the user log-in to WordPress he log-in as well to his account on InvoicePlane .

I hope that some one he can help me or at least provide me with some key points to make it possible and some ideas.

Best regards,
Mohamed Ali

My first idea would be to modify the Wordpress login function to set the login cookie not only for the Wordpress installation domain but also the InvoicePlane domain. Inside InvoicePlane you would need to add a key or something that may be securely stored in the cookie which will be checked by InvoicePlane.

application/modules/sessions/models/Mdl_sessions.php handles the login authentication so you may take a look in how the required data looks like.
Session validation is done inside the /application/core/User_Controller.php file.

2 Likes

Great tips! thanks, Kovah, I really appreciate your help. My final goal is to create an SSO between several WordPress sites and some PHP application using “https://auth0.com/” I hope if you can take a look at it. You already provided big help by given me the responsible PHP docs for the login auth.
May you please explain more how does InvoicePLane handle the login process, I’m not expert in PHP and I need to understand how this is working to know what to change on WordPress to create the SSO link.

Best regards,
Mohamed Ali

The Mdl_sessions.php file handles the login process. If the user was authenticated, a new session is generated and user data is saved for it.
Withn the User_Controller.php file there is nothing more than a simple check if a specific key and corresponding value exists in the user session data. If not, redirect to login.

As there are only two roles the only thing to check is if the user_role key is either 1 (admin) or 0 (guest).
At this point you would have to implement the 0auth check.