I might want to have a Wordpress site with integrated auth, so that once the user creates an account on my Meteor app, they can use the same username password to log onto my integrated Wordpress site. Or even better, if they are logged in to my Meteor site or my integrated Wordpress site, they are automatically logged into the other as well.
Is that possible using the accounts-oauth package by any chance?
Yes but you need to be at the same domain.
That doesn’t sound too bad. My Meteor app is hosted on Galaxy. Can I do a redirect of the URL so it looks like my Wordpress site is at the same domain, or would I have to build a Docker image that contains both my Meteor app and Wordpress?
Ok, the way I do it is to generate a cookie using a Meteor method and a secret string on the server and return and write the cookie to the client (this will be “1st party” secure cookie as opposed the 3rd party which is being deprecated by the browsers). The other system reads the cookie and calls a Meteor method to decode the cookie (with the same server side secret string). In your case, in Wordpress, you might just want to decode the cookie and maybe do an API call to your original Meteor to get a token or something for authentication. I guess your Wordpress side of authentication is being taken care of the Wordpress code and your user would be in a MySQL DB.
I got inspired from this old repo to write my sequence. https://github.com/jfrolich/meteor-subdomain-persistent-login/blob/master/src/initSubdomainPersistentLogin.js This is basically as secure as the browser.
Thanks for this great info, @paulishca.
I’m tempted to do something like this:
No CMS? Writing our Blog in React