Using JWT to authenticate a user with an external system?

A recent comment brought my attention to this question, which I had posted. I had also posted another question regarding this topic, and had later solved it and posted an answer, here: JWT authentication with WP – Approach

Copying that answer here, so that it helps someone who stumbles across this implementation:

  1. The endpoint coded in the app that I am supposed to authenticate with prepares the token.
  2. The token has to be in the specified format.
  3. It then should be base 64 encoded and hash encrypted.
  4. The wp_init handler should be used to handle the POST request sent by the endpoint, to extract the token.
  5. The key will be shared via some other way, used for decryption.
  6. Once the token is extracted, compare it against a locally generated token with the same information.
  7. Store it in a cookie, and check it on every page access. You can expire it after a while or keep on increasing the time slice on every page access.

The endpoint could be in any language. Also this is the general flow of it, you can use it anywhere you want.

Related Posts:

  1. Use WordPress engine for user registration and management
  2. Create API for single sign-on with 3rd party site
  3. How to restrict attachment download to a specific user?
  4. JWT authentication with WP – Approach
  5. Allow anonymous user to access Themes Customizer
  6. Friendica integration using wordpress authentication
  7. Is there an existing capability to allow editing of only pre-existing pages? If not, a good way to implement this?
  8. How to make user inactive by default while registering?
  9. how to update current logged user username
  10. How to customize wp_signon()
  11. How to set privilege to wordpress subscriber for private page
  12. Restricting access to content
  13. authenticate user without password from email activation link [duplicate]
  14. User Access Manager plugin
  15. Create Session with JWT
  16. Single sign-on: wp_authenticate_user vs wp_authenticate
  17. How to get the ID of the currently logged in user?
  18. How can we Restrict to access a certain wordpress page to all ip address except some which we allow
  19. Restrict post to user_id
  20. add_option_page capability behaving strange
  21. Access denied on Published Pages but not on WordPress /wp-admin/
  22. Allow non logged users to visit only login page and password reset page
  23. How can I allow users to make groupings of posts
  24. Is user listing on wordpress private?
  25. How to restrict logged user to view only certain pages?
  26. Limit post display to post authors and create an exception for specific pages
  27. Single sign on for several website domains
  28. How to “Global Ignore” / “Hell Ban” someone, restrict post visibility to the author only?
  29. Conditional menu for registerd users/guests (Genesis framework)
  30. How can I create an upload page for (and only visible to) specific users?
  31. remove wp admin menu by customer user role
  32. Custom Roles for access to specific term(s)
  33. ‘post’ only for editor and administrator
  34. Why: sticky front page code, shows latest non-sticky on logged-in front page
  35. Auto log in hook is requiring a page refresh
  36. Facebook Registration Tool: how to use in WordPress? [closed]
  37. Access denied error when logged in as admin
  38. Disable all admin UI access to authors (except to custom post type add, edit and modify)
  39. How do you manage your pages or functions that require logged-in users?
  40. Hide all pages except landing page
  41. Can I “protect” a page with a form asking for an email address?
  42. How to restrict access to a page?
  43. How can I change access permissions across many pages?
  44. How do I get the access type in WordPress?
  45. Profiles site with access levels
  46. User access control in sidebar archive and categorires
  47. Plugins that restrict access based on user group/roles
  48. Restrict access for wp-admin panel
  49. Specify the level of access to different pages at the time of user creation
  50. Custom user roles are unable to login
  51. When add analytics script, wordpress user login not working
  52. Hide WordPress “wp-admin” dashboard to User IDS
  53. is_user_logged_in() returns different values on different pages
  54. I cannot access but but wp-admin works normally
  55. about visibility in wordpress regarding of roles
  56. Can access main URL and Dashboard but not any posts or pages [closed]
  57. throttle/limit a logged in user’s http requests to specific page on a per day basis
  58. Users are required to login to my site. How define user.member boolean, its permissions, and conditionally display/handle behavior based on it
  59. How to List only the users created by a particular user
  60. How to enable to the user send content and save as draft entry?
  61. How to give members access to their own protected page?
  62. How to make future posts visible to selected visitors without login
  63. Add existing user as administrator
  64. Split post edit screen into sub-edit screens for users, is this good or bad, and is it possible?
  65. Suggestions for allowing basic users to view their own posts?
  66. How to restrict posts only from a certain category
  67. Handle POST request sent from an external site for login?
  68. Two users attempt to modify a page
  69. What is an Endpoint?
  70. OpenAM error 500 “Unable to do Single Sign On or Federation” when browser loads successURL
  71. Allowing specific users to only add posts using certain custom taxomy terms
  72. How to keep always logged in development environment
  73. Authentication/API Questions
  74. Moving wordpress from localhost to server throws admin panel access error?
  75. Can you have multi-site WP and keep users separate?
  76. Is there a way to set the user Role based on email domain
  77. Authentication for a mobile app connected via wp-rest api?
  78. Configuring WordPress Auth Cookie Expiration
  79. How do I hide one menu item link for logged in and logged out users [closed]
  80. wordpress user roles are not working
  81. Good way to block users within a multisite setup without deleting them?
  82. Problem with automatic role change through cron job
  83. Two factor authentication
  84. wordpress 3.9 remote token auth
  85. Is there a plugin that lets users request an account on the site? [closed]
  86. auto logout user when user logout on one of the opened tab
  87. Access for adding subpages but not for pages
  88. Requiring Authentication for Parts of WordPress Site
  89. Getting Authentication required popup
  90. Where is the php file, that does the checks for login information?
  91. Using my own user table
  92. Mirgrating a user at signon
  93. How to store a secret for a plugin inside public_html
  94. How to show only specific category post by user role without plugin and restrict all other cats
  95. Random authentication failures on a load balanced WP setup
  96. Multisite authorization error 401
  97. Username has been exposed
  98. Allow users to create and store data and retrieve it on login
  99. How to change user role setting in members plugin so that user can only edit his own post?
  100. Social login authentication via wordpress rest api

Leave a Comment