Current version is compatible with previous version, feel free to upgrade.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3179287,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3179287,"resolution":"256x256","location":"assets","locale":""},"icon.svg":{"filename":"icon.svg","revision":3179287,"resolution":false,"location":"assets","locale":false}},"assets_banners":{"banner-1544x500.jpg":{"filename":"banner-1544x500.jpg","revision":3179287,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":3179287,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1","1.0.2"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Simple JWT Auth Dashboard","2":"Simple JWT Auth Settings","3":"Simple JWT Auth Options"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[710,185306,38851,185303,23853],"plugin_category":[38],"plugin_contributors":[233896],"plugin_business_model":[],"class_list":["post-207856","plugin","type-plugin","status-publish","hentry","plugin_tags-authentication","plugin_tags-json-web-token","plugin_tags-jwt","plugin_tags-jwt-auth","plugin_tags-rest-api","plugin_category-authentication","plugin_contributors-sayandey18","plugin_committers-sayandey18"],"banners":{"banner":"https:\/\/ps.w.org\/simple-jwt-auth\/assets\/banner-772x250.jpg?rev=3179287","banner_2x":"https:\/\/ps.w.org\/simple-jwt-auth\/assets\/banner-1544x500.jpg?rev=3179287","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":"https:\/\/ps.w.org\/simple-jwt-auth\/assets\/icon.svg?rev=3179287","icon":"https:\/\/ps.w.org\/simple-jwt-auth\/assets\/icon.svg?rev=3179287","icon_2x":false,"generated":false},"screenshots":[],"raw_content":"\n
Extends the WordPress REST API using JSON Web Tokens for robust authentication and authorization.<\/p>\n\n
JSON Web Token (JWT) is an open standard (RFC 7519<\/a>) that defines a compact and self-contained way for securely transmitting information between two parties.<\/p>\n\n It provides a secure and reliable way to access and manage WordPress data from external applications, making it ideal for building headless CMS solutions.<\/p>\n\n Plugins GitHub Repo<\/strong> https:\/\/github.com\/sayandey18\/simple-jwt-auth<\/p>\n\n HTTP Authorization is a mechanism that allows clients to provide credentials to servers, thereby gaining access to protected resources. This is typically achieved by sending a special header, the Authorization header, in the HTTP request.<\/p>\n\n Most shared hosts have disabled the HTTP Authorization Header<\/strong> by default.<\/p>\n\n To enable this option you'll need to edit your .htaccess<\/strong> file by adding the following:<\/p>\n\n To enable this option you'll need to edit your .htaccess file adding the follow:<\/p>\n\n Simple JWT Auth plugin needs a Signing Key<\/strong> to encrypt and decrypt the secret key<\/strong>, private key<\/strong>, and public key<\/strong>. This signing key must be exact 32 charecter long and never be revealed.<\/p>\n\n To add the signing key<\/strong> edit your Generate a 32 charecter key from here: https:\/\/string-gen.netlify.app<\/a><\/p>\n\n Here is the sample response if the encryption key is not configured in wp-config.php file.<\/p>\n\n When the plugin is activated, a new namespace is added.<\/p>\n\n Also, two new endpoints are added to this namespace.<\/p>\n\n To generate a new token, submit a POST request to this endpoint. With It will validates the user credentials, and returns success response including a token if the authentication is correct or returns an error response if the authentication is failed.<\/p>\n\n Once you get the token, you can store it somewhere in your application:<\/p>\n\n Then you should pass this token as Bearer Authentication<\/em> header to every API call.<\/p>\n\n Here is an example to create WordPress post using JWT token authentication.<\/p>\n\n Plugin's middleware intercepts every request to the server, checking for the presence of the Authorization<\/strong> header. If the header is found, it attempts to decode the JWT token contained within.<\/p>\n\n Upon successful decoding, the middleware extracts the user information stored in the token and authenticates the user accordingly, ensuring that only authorized requests are processed.<\/p>\n\n This is a helper endpoint to validate a token. You only will need to make a POST<\/strong> request sending the Bearer Authorization header.<\/p>\n\n If the token is invalid an error will be returned, here are some samples of errors.<\/p>\n\n Simple JWT Auth<\/strong> is a developer-friendly plugin. It has various filter hooks available to override the default settings.<\/p>\n\n The Default value:<\/p>\n\n Usage example:<\/p>\n\n The Default value:<\/p>\n\n Usage example:<\/p>\n\n The Default value:<\/p>\n\n Usage example:<\/p>\n\n The Default value:<\/p>\n\n Usage example:<\/p>\n\n The Default value:<\/p>\n\n Usage example:<\/p>\n\n The Default value:<\/p>\n\n Usage example:<\/p>\n\n This section describes how to install the plugin and get it working.<\/p>\n\n Yes, Simple JWT Auth has a GitHub repository. Please visit here<\/a> and consider giving us a star.<\/p><\/dd>\n Thank you so much. We really appreciate it. Please check our github repository<\/a> for more details.<\/p><\/dd>\n\n
Enable PHP HTTP Authorization Header<\/h3>\n\n
Shared Hosts<\/h4>\n\n
RewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\n<\/code><\/pre>\n\nWPEngine<\/h4>\n\n
SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n<\/code><\/pre>\n\nConfiguration<\/h3>\n\n
wp-config.php<\/code> file and add a new constant called SIMPLE_JWT_AUTH_ENCRYPT_KEY<\/strong><\/p>\n\ndefine( 'SIMPLE_JWT_AUTH_ENCRYPT_KEY', 'your-32-char-signing-key' );\n<\/code><\/pre>\n\n{\n \"code\": \"simplejwt_bad_encryption_key\",\n \"message\": \"Encryption key is not configured properly.\",\n \"data\": {\n \"status\": 403\n }\n}\n<\/code><\/pre>\n\nREST Endpoints<\/h3>\n\n
\/auth\/v1\n<\/code><\/pre>\n\n*\/wp-json\/auth\/v1\/token | POST\n*\/wp-json\/auth\/v1\/token\/validate | POST\n<\/code><\/pre>\n\nRequesting\/Generating Token<\/h3>\n\n
username<\/code> and password<\/code> as the parameters.<\/p>\n\ncurl --location 'https:\/\/example.com\/wp-json\/auth\/v1\/token' \\\n--header 'Content-Type: application\/json' \\\n--data-raw '{\n \"username\": \"wordpress_username\",\n \"password\": \"wordpress_password\"\n}'\n<\/code><\/pre>\n\nSample of success response<\/h4>\n\n
{\n \"code\": \"simplejwt_auth_credential\",\n \"message\": \"Token created successfully\",\n \"data\": {\n \"status\": 200,\n \"id\": \"2\",\n \"email\": \"sayandey@outlook.com\",\n \"nicename\": \"sayan_dey\",\n \"display_name\": \"Sayan Dey\",\n \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciO.........\"\n }\n}\n<\/code><\/pre>\n\nSample of error response<\/h4>\n\n
{\n \"code\": \"simplejwt_invalid_username\",\n \"message\": \"Error: The username admin_user is not registered on this site. If you are unsure of your username, try your email address instead.\",\n \"data\": {\n \"status\": 403\n }\n}\n<\/code><\/pre>\n\n\n
Authorization: Bearer your-generated-token\n<\/code><\/pre>\n\ncurl --location 'https:\/\/example.com\/wp-json\/wp\/v2\/posts' \\\n--header 'Content-Type: application\/json' \\\n--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciO.........' \\\n--data '{\n \"title\": \"Dummy post through API\",\n \"content\": \"Lorem Ipsum is simply dummy text of the printing and typesetting industry.\",\n \"status\": \"publish\",\n \"tags\": [\n 4,\n 5,\n 6\n ]\n}'\n<\/code><\/pre>\n\nValidating Token<\/h3>\n\n
curl --location --request POST 'https:\/\/example.com\/wp-json\/auth\/v1\/token\/validate' \\\n--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciO.........'\n<\/code><\/pre>\n\nSample of success response<\/h4>\n\n
{\n \"code\": \"simplejwt_valid_token\",\n \"message\": \"Token is valid\",\n \"data\": {\n \"status\": 200\n }\n}\n<\/code><\/pre>\n\nREST Errors<\/h3>\n\n
Invalid Username<\/h4>\n\n
{\n \"code\": \"simplejwt_invalid_username\",\n \"message\": \"Error: The username admin is not registered on this site. If you are unsure of your username, try your email address instead.\",\n \"data\": {\n \"status\": 403\n }\n}\n<\/code><\/pre>\n\nInvalid Password<\/h4>\n\n
{\n \"code\": \"simplejwt_incorrect_password\",\n \"message\": \"Error: The password you entered for the username tiyasha_das is incorrect. Lost your password?\",\n \"data\": {\n \"status\": 403\n }\n}\n<\/code><\/pre>\n\nInvalid Signature<\/h4>\n\n
{\n \"code\": \"simplejwt_invalid_token\",\n \"message\": \"Signature verification failed\",\n \"data\": {\n \"status\": 403\n }\n}\n<\/code><\/pre>\n\nInvalid Token<\/h4>\n\n
{\n \"code\": \"simplejwt_invalid_token\",\n \"message\": \"Syntax error, malformed JSON\",\n \"data\": {\n \"status\": 403\n }\n}\n<\/code><\/pre>\n\nExpired Token<\/h4>\n\n
{\n \"code\": \"simplejwt_invalid_token\",\n \"message\": \"Expired token\",\n \"data\": {\n \"status\": 403\n }\n}\n<\/code><\/pre>\n\nNo Authorization<\/h4>\n\n
{\n \"code\": \"simplejwt_no_auth_header\",\n \"message\": \"Authorization header not found\",\n \"data\": {\n \"status\": 403\n }\n}\n<\/code><\/pre>\n\nBad Authorization<\/h4>\n\n
{\n \"code\": \"simplejwt_bad_auth_header\",\n \"message\": \"Authorization header malformed\",\n \"data\": {\n \"status\": 400\n }\n}\n<\/code><\/pre>\n\nWrong Algorithm Token<\/h4>\n\n
{\n \"code\": \"simplejwt_invalid_token\",\n \"message\": \"Incorrect key for this algorithm\",\n \"data\": {\n \"status\": 403\n }\n}\n<\/code><\/pre>\n\nUnsupported Algorithm<\/h4>\n\n
{\n \"code\": \"simplejwt_unsupported_algorithm\",\n \"message\": \"Unsupported algorithm see https:\/\/tinyurl.com\/uf4ns6fm\",\n \"data\": {\n \"status\": 403\n }\n}\n<\/code><\/pre>\n\nBad Configuration<\/h4>\n\n
{\n \"code\": \"simplejwt_bad_config\",\n \"message\": \"JWT is not configured properly, please contact the admin\",\n \"data\": {\n \"status\": 403\n }\n}\n<\/code><\/pre>\n\nBad Encryption Key<\/h4>\n\n
{\n \"code\": \"simplejwt_bad_encryption_key\",\n \"message\": \"Encryption key is not configured properly.\",\n \"data\": {\n \"status\": 403\n }\n}\n<\/code><\/pre>\n\nInvalid Encryption Key Length<\/h4>\n\n
{\n \"code\": \"simplejwt_invalid_enckey_length\",\n \"message\": \"Encryption key must be exactly 32 characters long\",\n \"data\": {\n \"status\": 400\n }\n}\n<\/code><\/pre>\n\nAvailable Hooks<\/h3>\n\n
simplejwt_cors_allow_headers<\/h4>\n\n
simplejwt_cors_allow_headers<\/code> allows you to modify the available headers when the Cross-Origin Resource Sharing (CORS) support is enabled.<\/p>\n\n'Access-Control-Allow-Headers, Content-Type, Authorization'\n<\/code><\/pre>\n\n\/**\n * Change the allowed CORS headers.\n *\n * @param string $headers The allowed headers.\n * @return string The allowed headers.\n *\/\nadd_filter(\"simplejwt_cors_allow_headers\", function ($headers) {\n \/\/ Modify the headers here.\n return $headers;\n});\n<\/code><\/pre>\n\nsimplejwt_auth_iss<\/h4>\n\n
simplejwt_auth_iss<\/code> allows you to change the iss<\/strong><\/a> value before the payload is encoded to be a token.<\/p>\n\nget_bloginfo( 'url' );\n<\/code><\/pre>\n\n\/**\n * Change the token issuer.\n *\n * @param string $iss The token issuer.\n * @return string The token issuer.\n *\/\nadd_filter(\"simplejwt_auth_iss\", function ($iss) {\n \/\/ Modify the \"iss\" here.\n return $iss;\n});\n<\/code><\/pre>\n\nsimplejwt_not_before<\/h4>\n\n
simplejwt_not_before<\/code> allows you to change the nbf<\/strong><\/a> value before the payload is encoded to be a token.<\/p>\n\ntime();\n<\/code><\/pre>\n\n\/**\n * Change the token's nbf value.\n *\n * @param int $not_before The default \"nbf\" value in timestamp.\n * @param int $issued_at The \"iat\" value in timestamp.\n * @return int The \"nbf\" value.\n *\/\nadd_filter(\n \"simplejwt_not_before\",\n function ($not_before, $issued_at) {\n \/\/ Modify the \"not_before\" here.\n return $not_before;\n },\n 10,\n 2,\n);\n<\/code><\/pre>\n\nsimplejwt_auth_expire<\/h4>\n\n
simplejwt_auth_expire<\/code> allows you to change the value exp<\/strong><\/a> before the payload is encoded to be a token.<\/p>\n\ntime() + ( DAY_IN_SECONDS * 7 )\n<\/code><\/pre>\n\n\/**\n * Change the token's expire value.\n *\n * @param int $expire The default \"exp\" value in timestamp.\n * @param int $issued_at The \"iat\" value in timestamp.\n * @return int The \"nbf\" value.\n *\/\nadd_filter(\n \"simplejwt_auth_expire\",\n function ($expire, $issued_at) {\n \/\/ Modify the \"expire\" here.\n return $expire;\n },\n 10,\n 2,\n);\n<\/code><\/pre>\n\nsimplejwt_payload_before_sign<\/h4>\n\n
simplejwt_payload_before_sign<\/code> allows you to modify all the payload data before being encoded and signed.<\/p>\n\n$payload = [\n \"iss\" => $this->simplejwt_get_iss(),\n \"iat\" => $issued_at,\n \"nbf\" => $not_before,\n \"exp\" => $expire,\n \"data\" => [\n \"user\" => [\n \"id\" => $user->data->ID,\n ],\n ],\n];\n<\/code><\/pre>\n\n\/**\n * Modify the payload data before being encoded & signed.\n *\n * @param array $payload The default payload\n * @param WP_User $user The authenticated user.\n * @return array The payloads data.\n *\/\nadd_filter(\n \"simplejwt_payload_before_sign\",\n function ($payload, $user) {\n \/\/ Modify the payload here.\n return $payload;\n },\n 10,\n 2,\n);\n<\/code><\/pre>\n\nsimplejwt_token_before_dispatch<\/h4>\n\n
simplejwt_token_before_dispatch<\/code> allows you to modify the token response before to dispatch it to the client.<\/p>\n\n$data = new WP_REST_Response(\n [\n \"code\" => \"simplejwt_auth_credential\",\n \"message\" => JWTNotice::get_notice(\"auth_credential\"),\n \"data\" => [\n \"status\" => 200,\n \"id\" => $user->data->ID,\n \"email\" => $user->data->user_email,\n \"nicename\" => $user->data->user_nicename,\n \"display_name\" => $user->data->display_name,\n \"token\" => $token,\n ],\n ],\n 200,\n);\n<\/code><\/pre>\n\n\/**\n * Modify the JWT response before dispatch.\n *\n * @param WP_REST_Response $data The token response data.\n * @param WP_User $user The user object for whom the token is being generated.\n * @return WP_REST_Response Modified token response data.\n *\/\nadd_filter(\n \"simplejwt_token_before_dispatch\",\n function ($data, $user) {\n \/\/ Modify the response data.\n if ($user instanceof WP_User) {\n }\n return $data;\n },\n 10,\n 2,\n);\n<\/code><\/pre>\n\nCredits<\/h3>\n\n
\n
Using FTP Client<\/h4>\n\n
\n
simple-jwt-auth.zip<\/code> file in your computer.<\/li>\nsimple-jwt-auth<\/code> folder into the \/wp-content\/plugins\/<\/code> directory.<\/li>\nUploading from Dashboard<\/h4>\n\n
\n
simple-jwt-auth.zip<\/code> from your computer.<\/li>\n\n
Do you have GitHub repository for this plugin?<\/h3><\/dt>\n
I am a developer, Where I can contribute to this project?<\/h3><\/dt>\n
I found a bug, where I can report?<\/h3><\/dt>\n