JWT authentication with WP – Approach

This showed up as a notification due to the upvote. Here’s how I solved it.

  1. The endpoint coded in the app that I am supposed to authenticate with prepares the token.
  2. The token has to be in the specified format.
  3. It then should be base 64 encoded and hash encrypted.
  4. The wp_init handler should be used to handle the POST request sent by the endpoint, to extract the token.
  5. The key will be shared via some other way, used for decryption.
  6. Once the token is extracted, compare it against a locally generated token with the same information.
  7. Store it in a cookie, and check it on every page access. You can expire it after a while or keep on increasing the time slice on every page access.

The endpoint could be in any language. Also this is the general flow of it, you can use it anywhere you want.

Related Posts:

  1. Change GitHub Account username
  2. Google OAuth 2 authorization – Error: redirect_uri_mismatch
  3. What are the main differences between JWT and OAuth authentication?
  4. How to use OAuth authentication with REST API via CURL commands?
  5. Create API for single sign-on with 3rd party site
  6. How to validate a user from ouside wordpress/php?
  7. Override user authentication with external credentials
  8. why does WordPress need two cookies for auth/login
  9. Extend WordPress (4.x) session and nonce
  10. How to use WordPress authentication on non-WordPress page?
  11. How does ifttt.com authenticate a supplied WordPress account
  12. Using JWT to authenticate a user with an external system?
  13. Storing Dropbox Authentication?
  14. WordPress as a OAuth Provider
  15. Friendica integration using wordpress authentication
  16. Authentication for wordpress website
  17. How to leverage authentication outside of WordPress?
  18. How do I execute a wp_remote_get call using NTLM authentication?
  19. Outgoing proxy connection problem
  20. WordPress SSO with MemberPress
  21. Create Session with JWT
  22. Authenticated request to WP REST API V2 returning 403 error on /users/me [closed]
  23. Single sign-on: wp_authenticate_user vs wp_authenticate
  24. Set authentication cookies to be shorter but then extend with every page load
  25. WordPress user Authentication
  26. WordPress asking for FTP details when installing plugins
  27. How to password protect media library files (PDF)?
  28. How to use Azure AD for authentication?
  29. implement authentication and authorization to user
  30. for a role-protected page, programmatically login user and load page
  31. Single sign on for several website domains
  32. guest authentication
  33. wordpress 3.9 remote token auth
  34. How to set up Shibboleth authentication for a MU site
  35. Login after “Read More” then return to article
  36. How to make WordPress use authentication from Parent Site
  37. auto logout user when user logout on one of the opened tab
  38. How can I have authenticated WordPress users automatically sign into Moodle?
  39. Facebook Registration Tool: how to use in WordPress? [closed]
  40. Requiring Authentication for Parts of WordPress Site
  41. WooCommerce OAuth 1.0 + JWT authentication with JS/React
  42. Authenticating users with usermeta fields
  43. Getting Authentication required popup
  44. How can LDAP/Active Directory be integrated in WordPress?
  45. Authenticate Subdomain
  46. How to create new users with JWT Auth Plugin?
  47. Mirgrating a user at signon
  48. Automate WordPress Login
  49. Application to Website authentication
  50. How to authenticate using JWT by ajax?
  51. Open authenticed WordPress page from mobile app
  52. Access to customer profile with pin code
  53. WP link for reset password is not received
  54. How to make an other web app can login with wordpress authentication?
  55. How to add additional factor to wordpress authentication
  56. Adding a “Sign In/My Account” link to an external app
  57. Check if user is logged in, inside php file in template directory
  58. Handle POST request sent from an external site for login?
  59. Connect my WordPress site users to my public site account without showing my public site credentials
  60. WordPress Multisite and site speed and scaleability
  61. Blocking the direct access to images in the upload folder WordPress
  62. Can you pass user/pass for HTTP Basic Authentication in URL parameters?
  63. What is the difference between authentication and authorization?
  64. wp_signon by user’s login by their particular role
  65. Unable to login with correct password
  66. Authentication versus Authorization
  67. What is an Endpoint?
  68. Git push results in “Authentication Failed”
  69. Git push results in “Authentication Failed”
  70. Git push results in “Authentication Failed”
  71. nodejs – error self signed certificate in certificate chain
  72. Google OAuth 2 authorization – Error: redirect_uri_mismatch
  73. What ports need to be open for TortoiseSVN to authenticate (clear text) and commit?
  74. OpenAM error 500 “Unable to do Single Sign On or Federation” when browser loads successURL
  75. OpenAM error 500 “Unable to do Single Sign On or Federation” when browser loads successURL
  76. How do I remove documents using Node.js Mongoose?
  77. PG::ConnectionBad: fe_sendauth: no password supplied
  78. PostgreSQL error: Fatal: role “username” does not exist
  79. Authenticating in PHP using LDAP through Active Directory
  80. How to check if a user is logged in (how to properly use user.is_authenticated)?
  81. How to bypass (deprecated) reCAPTCHA V1?
  82. Automatic WordPress Login of Logged In ClickFunnels User
  83. CAS authentication for WordPress
  84. Can I programmatically login a user without a password?
  85. How to: Make JWT-authenticated requests to the WordPress API
  86. SSO / authentication integration with external ‘directory service’
  87. How to Change the Default Home Page for the WordPress Dashboard?
  88. How do I require authorization / login to view a specific set of posts / pages?
  89. What is $interim_login?
  90. Set up WP Authentication from External API
  91. Adding extra authentication field in login page
  92. What exactly is ReAuth?
  93. WordPress auto login after registration not working
  94. Login members using web services
  95. How to check username/password without signing in the user
  96. WordPress REST API – Permission Callbacks
  97. Disable WordPress 3.6 idle logout / login modal window / session expiration
  98. How to pass users back and forth using session data?
  99. How to secure or disable the RSS feeds?
  100. custom XMLRPC method plus authentication of user & WooCommerce order

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)