Smart-ID is perfect solution to CMS-es like WordPress, Drupal and similar. Plugin can be installed with a few clicks and immediatly support for secure identification methods is available.
One such plugin is built for wordpress and its source code is available at WordPress Subversion repository at https://plugins.svn.wordpress.org/smart-id/trunk/
There are 2 different functions needed for making useful plugin. First step is registering Oauth credentials and second step is Oauth user identification.
Step 1.1 – Oauth 2.0 credentials registration
First part of Oauth credentials registration is redirecting the CMS admin to https://id.smartid.ee/admin/api_register_client with 4 following URL GET parameters. On this page the CMS admin is identified and domain is associated to this person. Later this person can continue to manage his account on https://id.smartid.ee
Full URL looks like https://id.smartid.ee/admin/api_register_client?api_register=yes&api_redirect_uri=https://example.com/smartid/login&api_home_url=https://example.com&api_redirect_back=https://example.com/admin/smartid_register
Step 1.2 – Retrieving client_id and secret
Second part of the Oauth 2.0 credentials process is getting and saving the Oauth client_id and secret credentials. URL where the request is sent is https://id.smartid.ee/admin/api_client_info?data_key=abc123 where data_key value is received from previous step. This call must be taken immediately after the previous step as window for getting the credentials is open only a few seconds due security reasons. Also the data_key is only one time usage.
As a backup the CMS admin can manually copy his Oauth credentials from Smart ID admin site https://id.smartid.ee
Step 2 – Identifying users
Once Oauth credetials are securely saved in CMS config or database then it is possible to start identifying users via regular Oauth 2.0 protocol. In short this contains 3 steps.
This process is described in more detail in https://smartid.ee/how. There are many readymade Oauth 2 libraries in every programming language that make implementing it a breeze. If no readymade libary is used then these a few API calls is fairly easy to be implemented as a custom solution as well.