Implement authentication to an organization oAuth server

Using JWT you can extends the WP REST API using JSON Web Tokens Authentication as an authentication method.

WordPress REST API Authentication:
Default cookie authentication : cookie authentication is the only authentication mechanism available natively within WordPress.

Remote applications :

To support remote applications, we need to add a new REST API authentication method using a plugin.

Currently supported options are Basic Auth, OAuth, and JWT:

Basic Auth with a username and password is considered insecure and should only be used in development scenarios

OAuth is great but it can be a pain to authenticate

JWT is awesome and works great with front-end frameworks

User Sign In ([username/password]) => Authentication Server => User Authenticated, JWT Created and return to USER

USER (User passes [JWT] When making API Calls) => Application server => Application verifies and processes API Call => send data / message to USER

enter image description here
user first signs into the authentication server using the authentication server’s login system (e.g. username and password, Facebook login, Google login, Twitter etc). The authentication server then creates the JWT and sends it to the user. When the user makes API calls to the application, the user passes the JWT along with the API call. In this setup, the application server would be configured to verify that the incoming JWT are created by the authentication server

when the user makes API calls with the attached JWT, the application can use the JWT to verify that the API call is coming from an authenticated user.

Authentication Plugins :
Authentication that will work from remote applications.

Some plugins for Authentication:

OAuth 1.0a Server : Connect applications to your WordPress site without ever giving away your password.

This plugin only supports WordPress >= 4.4.

Application Passwords : – authenticate a user without providing that user’s password directly, instead you will use a base64 encoded string of their username and a new application password.

JSON Web Tokens – Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.

WP User : Extends the WP REST API using JSON Web Tokens (JWT) Authentication as an authentication method.

WP User plugin helps you to create front end login and registration form on website as well as help to create JWT token for WP REST API with additional security Limit Login Attempts,Password Regular Expression, Blacklisting / Whitelisting IP addresses etc features.

User logins or registrations and would like to avoid the normal WordPress login pages, this plugin adds the capability of placing a login, Registration, forgot password with smooth effects in AJAX as well support REST API.

Leave a Comment

tech