springwordpressjwtspring-security-oauth2server-to-server

How to connect Woocommerce WordPress plugin to a Spring Boot API based on Spring Security Oauth2 JWT?


I am a Spring Developer trying to figure out how to connect a WordPress WooCommerce Website to my REST Spring boot Service. I haven't worked with WordPress, so there are a lot of unknown unknowns for me there. I am in collaboration with another developer on the WordPress side of things, trying to solve this issue, but we are a little lost.

Are there Best Practices for a WordPress website to access the Spring boot Oauth2 API (including JWT Token delivery Service) ?

CONCRETE DESCRIPTION OF MY SITUATION:


State right now (working):

Someone orders a Product on the WooCommerce website and the order status is set to processing.

The goal:

WordPress WooCommerce Backend calls the Spring boot API to send how many Products were ordered.

WHAT WE FOUND OUT AND WHAT WE TRIED:


Spring boot:

We found out that Spring boot outh2 is the way to go for the REST API ENDPOINT The only resource I found about this are this once, which are very good and sufficient:

https://developer.okta.com/blog/2018/04/02/client-creds-with-spring-boot

https://www.youtube.com/watch?v=X80nJ5T7YpE

WordPress:

The Problem is, that we find a lot on WordPress Webhooks but not a lot on how to call an API Endpoint with a Token system. Here are some resources we worked through, which are not sufficient:

https://developer.wordpress.org/plugins/http-api/

https://woocommerce.github.io/woocommerce-rest-api-docs/v3.html?shell#webhooks

https://duckduckgo.com/?q=wordpress+oauth2+rest+call&t=bravened&ia=web

WHAT WE THINK TO KNOW ABOUT THE SERVER TO SERVER COMMUNICATION IN THIS CASE** (Handshake):


  1. In WordPress, I manually safely store a Username and a Password which Spring Security knows about, on WordPress.

  2. WordPress, an order has been finished.

  3. WordPress calls Spring boot Https Request to /api with Payload: OrderInformation, Password and Username.

  4. Spring sees that there is no Token or the Token is outdated

  5. Spring searches the Request Payload for Username and Password

  6. Spring generates a signed JWT Token based on Username and Password.

  7. WordPress receives that Token and stores is safely

  8. WordPress HTTPS Request /api with Payload: OrderInformation, Token.

  9. Spring validates the Token, accepts the OrderInformation

  10. Spring does what ever it needs to do with the information and when everything works out

  11. Spring Oauth2 somehow has to tell Woocomerce that the information was successfully delivered. Otherwise Woocomerce has to resend the information. And start form point

WHAT WE HOPE THIS POST SHOULD ACCOMPLISH FOR PEOPLE WITH THE SAME QUESTION:


If someone knows any resource or best practices how to configure WordPress WooCommerce, please let us, who have a lot of unknown unknowns, know what to do next. We hope this post and its answers can be a gateway and vertex for other people to find the information they need.

Thank you very much in advance


Solution

  • I am not sure about Spring Boot API specifically, but I have done this type of integration with other REST API's.

    I would recommend using wordpress action hook. The hook that I would recommend you to use is woocommerce_order_status_changed.

    // define the woocommerce_order_status_changed callback 
    function action_woocommerce_order_status_changed( $this_get_id, $this_status_transition_from, $this_status_transition_to, $instance ) { 
        // make action magic happen here... 
    }; 
             
    // add the action 
    add_action( 'woocommerce_order_status_changed', 'action_woocommerce_order_status_changed', 10, 4 ); 
    

    At the place of // make action magic happen here... write the logic where you contact with your API. Run your code when $this_status_transition_to is processing. The $instance should have woocommerce order instance which you can use to push to API.

    Some pointers that I would like to give are.

    1. Save the API Token/Credentials in an Enviroment Variable for security.
    2. Would recommend using Guzzle package to make http request. Use composer to install the package.