Override WordPress user with Oauth2 account

I am trying to set up WordPress as an OAuth2 client. All of our users are stored in our proprietary CMS which is an OAuth provider. We have very little (to no) users in our WordPress database, primarily just administrators. Ideally, I do not want to store user data in the WordPress database because I would need to somehow maintain state across X number of WordPress sites, whereas I have one source of truth within our proprietary CMS.

My initial design of this so far was to create a plugin that overrides the existing WordPress user functionality and stores an OAuth access token and user uuid within a cookie or session. But, I need this user to be accessible in other plugins, so ideally overriding the default WordPress user methods.

Is this an acceptable approach? Or, am I trying to work with WordPress in a way that it wasn’t meant to be worked?

I can find tons of plugins for setting WordPress up as an OAuth2 provider, but very few as a client. That being said, I have found some that do set up WordPress as a client, but a lot of them are specific to Google Apps, Facebook, Twitter, etc. Moreover, these apps rely on storing user data locally within the WordPress user table. I would prefer not to do so.

Thanks for any help!

If you can stick to overriding just functions that are located in wp-includes/pluggable.php then you should be able to avoid any kind of plugin conflicts … unless you are using plugins that are overriding the same pluggable functions.

Just make sure that your functions are declared before pluggables is loaded. Plugins are loaded before the pluggables file … so if you define your function overrides in a plugin then you can be certain they are loaded. Otherwise just make sure to use an earlier action to do so.

There are quite a few authentication, cookie, and user related functions in there for use.