Programmatic Login from 3rd Party site

I’m trying to do a sort of SSO/programmatic login solution for our wordpress site from our separate web application. I don’t have a lot of experience with wordpress so I assume there’s something I’m missing or have configured incorrectly.

First here is my testing code that works great when I hit it directly IE www.mywordpresssite.com/test_login.php

test_login.php:

The above sets the cookies accordingly and logs in the ‘myuserid’ user no problem. It redirects to user_admin_url() which was fine for my test but unnecessary as my intention is just to go to the home page as the entire site will be locked down for non-logged in users once this is working accordingly.

Now using the same concept that worked in test_login.php I’ve created prod_login.php which is supposed to apply the same logic via a cURL request from the web application that passes creds via the Authentication header.

prod_login.php:

Now my cURL request appears to be working fine, I’m consistently getting the http_code === 200 response and the user object is coming back correctly in the cURL response. However, after the redirect to the wordpress site from the web app, the cookies are not set and I am not actually logged in.

web app cURL request:

I have no idea what I’m doing wrong. I assume it has to do with the cookies getting blown away or not preserved between the cURL and the redirect. Any insight on how to prevent that from happening or what I’m doing incorrectly is appreciated. Is this even possible with a cURL?

I have also tried a multitude of the examples of add_filter(‘auth_cookie_expiration’,… and apply_filters(‘auth_cookie_expiration’,… that are available on the internet to no avail.