How Do Logins Work: A Developer's Perspective

There are two general ways that we accomplish logins: an ajax call  from the app (using an Angular promise) or inside an iframe that contain a login form from WordPress.

From the App

When the login modal from the app is used, an ajax call to the AppPresser core plugin occurs. It is accessing the 'wp_ajax_nopriv_apppajaxlogin' hook in that plugin. That hook logs in the user and sends the user's details back to the app in the ajax response. 

The ajax request to WordPress
https://github.com/apppresser/ap3/blob/master/src/providers/wplogin/wplogin.ts#L35

The response to the app after login from WordPress
https://github.com/apppresser/AppPresser/blob/master/inc/AppPresser_Ajax_Extras.php#L89

From WordPress iframe

If you are customizing your login with a membership plugin or you want to include a 2-step verification, you let WordPress handle the login. When the app uses an iframe of a WordPress login form (can be a custom form), WordPress takes care of the login. The only thing needed is to notify the app that a login just happened. To do that, you use javascript to send a message of the login details to the app. So it doesn't matter how you log them in, just as long as you tell the app it happened.

At the very minimum, this is all that the app needs from WordPress (pure javascript):
https://gist.github.com/stillatmylinux/180e69073330a489ea4b9a51457a5b92

However, this might you help come up with something custom for your situation (mixture of PHP and javascript).
https://gist.github.com/stillatmylinux/973b08e28b06e2cbf01a66a64b51f190

Troubleshooting

If using login from the app, see the how to troubleshoot your login using the Postman tool.