Hey!
This is definitely doable but it’s gonna be a hack either way as these are not publicly documented or stable methods.
You can either get a JWT for a member and use that to authenticate into your application, but this won’t handle logout when the member logs out of Ghost. Or you can use the cookies like you say, but this will be a little more involved and require your app to be running on the same domain so that the cookies can be shared.
External auth with JWT
You can make a GET request to /members/ssr in your theme which will give you a JWT and then send that to your application to validate (with members_public_key
in the settings) and initiate a session. An example of a call to this endpoint is here: https://github.com/TryGhost/Ghost/blob/master/core/server/public/members.js#L75-L81
External auth with cookies
For this to work your app will have to be on the same domain as your Ghost site so they can share cookies.
You can take a look at the members-ssr package here: Members/packages/members-ssr at main · TryGhost/Members · GitHub and use the getMemberDataFromSession
method. In order to use this you’ll have to pass in the required settings which you can get from the Ghost settings table. You’ll also have to pass in a getMembersApi
function which returns a proxy to a members API object - the only method you’ll need is this one: Members/index.js at main · TryGhost/Members · GitHub
To implement this method you’ll need to use either the admin API or read from the db.
Hope this gives you a good start