Thought I’d create a separate thread here on whether Realm can provide member authentication for WordPress. The issue seemed to elicit some interest in an earlier thread.
I had submitted a contact form at the Realm site asking about this. Got this reply:
Realm is a great tool to inform your congregation of events and things of this sort.
We continually keep the security of your members in mind as we have created Realm. Due to this, our security is very strategic with logging in and validating accounts. Once a person’s record is added, they have a profile page—whether they use it or not. To log in and make updates to their profile page, those people must first validate their profile, by creating a login and password they can use to enter the site. This login is what we refer to as an account. To find out if an individual in your database has claimed his or her profile, click Profiles; locate and open the person’s record. If the picture area says “Without Login” in the corner, he or she has an individual record (or profile), but has not yet created a login account.
As we look at assisting you with the UUFNN membership, we do have a few questions. Where to you record whether they are authenticated in the UUFNN database? Is this based on a member status you have created? If this is true, the users’ validation of their account does not automatically set them as a specific member status. You do have the option here of running a custom query fro who has a login. Once you have done this, Select an Action to change a profile field. You will be able to mass change the profile field here.
Can I take this to mean that it is possible for a remote system (i.e., our web host) to query our database at the Realm host for the existence and status of a specific record? Is there some particular dialect of SQL to perform such a query? Is there any documentation available on how to do all this?
Here’s what I’ve learned so far. It turns out that UUFNN does not have the Realm pieces to solve the problem, but the problem does appear to be solvable – by a competent programmer. Some of the pieces required are:
An optional component of Realm called Access ACS REST API exists that can provide member data in response to a REST request.
WordPress versions >= 4.7.0 include a REST API that can create the request.
WordPress has plugins that can restrict access to sections.
What I don’t know is how to get these pieces to play together nicely.
Turns out Realm (as well as Breeze) does not store a username or password for members. This means that even if one had a WordPress plugin to perform remote member authentication (I’m building one anyway) there is no way a member can be authenticated using member’s existence in a Realm database.