JWT Authentication for WP REST API

Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.

Rating summary: 4.5
Reviews: 45
Active installations: 50K

Main benefits

Secure token-based authentication

Supports WP REST API

Customizable token settings

Easy token validation

CORS support available

About this plugin

Author: Tmeister
Version: 1.3.4
Last updated: 11-09-2023
WordPress version: 4.2
Tested up to: 6.3.5
PHP version required: 7.4.0
Languages:

Overview

The "wp-api-jwt-auth" is a WordPress plugin designed to enhance the WP REST API V2 by incorporating JSON Web Tokens (JWT) as an authentication method, ensuring secure and efficient credential validation between clients and the server. JSON Web Tokens, adhering to the industry-standard RFC 7519, facilitate secure transmission of claims. The plugin requires WP REST API V2 and PHP 7.4 or higher, with specific configurations to enable HTTP Authorization Headers. Key functionalities include generating and validating tokens through endpoints, storing tokens securely, and integrating them into API calls for authentication. For developers, it offers various filters to customize token generation and validation processes, and supports CORS configurations. The plugin's source is maintained on GitHub, where users can also seek support and contribute.

Secure Authentication

  • Uses JSON Web Tokens (JWT) for secure authentication.
  • JWTs are an open, industry-standard method for representing claims securely between two parties.
  • Ensures that user credentials are validated and securely transmitted.

Easy Integration

  • Extends the WP REST API V2 plugin features.
  • Simple configuration steps to set up secret keys and enable CORS support.
  • Provides clear instructions for enabling HTTP Authorization Header.

Developer Friendly

  • Offers multiple hooks to customize default settings.
  • Allows modification of token data before encoding and signing.
  • Supports changing the signing algorithm and token expiration settings.

Comprehensive Endpoints

  • Adds new namespace and endpoints for token generation and validation.
  • Provides endpoints to validate user credentials and return tokens.
  • Includes helper endpoint to validate tokens easily.

Rating and reviews

User sentiment analysis

Users generally appreciate the WordPress plugin for its ease of installation and integration, especially with mobile apps using frameworks like Flutter, Vue.js, ReactJS, and Angular. It's praised for its simplicity in setting up authentication for external applications and providing good documentation. The plugin helps users by extending the WP REST API and allowing fast and effective user authentication without the complexities of OAuth. However, drawbacks include issues with WooCommerce API calls and non-authorized endpoints, leading to errors like "Authorization header malformed." Some users report challenges with token management, such as expiring tokens and handling user deletions. Consistent updates and clearer instructions are also desired.

alexlana

30 Jul, 2024

I can’t find references about how to block endpoints. You can use a code like this:

    // add user id to the token to store on your front end
    function add_user_id_and_role_to_jwt_response( $data = '', $user = '' ) {
        $data['user_id'] = $user->data->ID;
        return $data;
    }
    add_filter( 'jwt_auth_token_before_dispatch', 'add_user_id_and_role_to_jwt_response', 10, 2 );

    // create a callback function
    function token_jwt_permission_callback( WP_REST_Request $request = null ) {
        $user_id          = sanitize_text_field( $request->get_param( 'user_id' ) );
        $jwt              = new Jwt_Auth();
        $jwt_public       = new Jwt_Auth_Public( $jwt->get_plugin_name(), $jwt->get_version() );
        $user_id_at_token = $jwt_public->determine_current_user( $user_id );
        $validate_token   = $jwt_public->validate_token( $request );
        $valid_token      = false;
        if ( ! is_wp_error( $validate_token ) ) {
            $valid_token = ( $validate_token['code'] === 'jwt_auth_valid_token' );
        }
        if ( ! $valid_token || $user_id != $user_id_at_token ) {
            return false;
        }
        return true;
    }

    // when register your route:
    register_rest_route( self::get_plugin_namespace(), '/get_services', array(
        array(
            'methods'             => WP_REST_Server::CREATABLE,
            'callback'            => array( $this, 'get_services' ),
            'permission_callback' => 'token_jwt_permission_callback', // <<<<<< set your callback here
        ),
    ) );

graficowalab

13 Mar, 2024

I integrated it with my Flutter app, and it works flawlessly. Here is a little piece of code that I implemented to get User ID and Role:

    add_filter( 'jwt_auth_token_before_dispatch', 'add_user_id_and_role_to_jwt_response', 10, 2 );

    function add_user_id_and_role_to_jwt_response( $data, $user ) {
        // Add the 'user_id' field to the response JSON
        $data['user_id'] = $user->data->ID;

        // Get the user's role
        $user_roles = $user->roles;
        $user_role  = ! empty( $user_roles ) ? $user_roles[0] : '';

        // Add the 'user_role' field to the response JSON
        $data['user_role'] = $user_role;

        // Return the modified data array
        return $data;
    }

Sjors

30 Jan, 2024

Perfect! This plugin is very easy to install and use. It’s also easy to extend and add your own return data.

asfandwordpress

21 Nov, 2023

It totally works fine. It was challenging to set it up at the start, but this plugin is helping me to extend the functionalities for my mobile app.

drdigital971

11 Sep, 2023

Hi, the new version (1.3.3) blocks WooCommerce API calls. I use OAuth1 for WooCommerce, so I didn’t use JWT for that (only for sign-in), but now I have a 403 error. Message: “Authorization header malformed.” Can you tell me why and how to resolve that? Thank you.

FAQ

What is the purpose of the wp-api-jwt-auth plugin?

What are the requirements to use the wp-api-jwt-auth plugin?

How do I enable the PHP HTTP Authorization Header?

How do I configure the secret key for JWT?

How do I enable CORS support?

What endpoints are added by the wp-api-jwt-auth plugin?

How do I use the /wp-json/jwt-auth/v1/token endpoint?

What should I do with the token once I receive it?