Title: Plugin Validates Tokens for Deleted Users
Last modified: February 17, 2019

---

# Plugin Validates Tokens for Deleted Users

 *  [dominic_ks](https://wordpress.org/support/users/dominic_ks/)
 * (@dominic_ks)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/plugin-validates-tokens-for-deleted-users/)
 * Hello,
 * Thanks for the plugin, am using it on a couple of new projects and seems to be
   working well for me.
 * One issue I have encountered though is that the /token/validate/ route seems 
   to return a successful response even if the user that generated it no longer 
   exists.
 * I had a quick look and it does seem that there is no check for this.
 * I have patched my copy of the plugin with this check and thought I’d drop it 
   here in case you wanted to include it in a future version:
 * **Update in:** /public/class-jwt-auth-public.php after line 298 I added:
 *     ```
       //check if this user is actually a user...
       if( ! get_user_by( 'ID' , $token->data->user->id ) ) {
           return new WP_Error(
               'jwt_auth_invalid_user',
                __('User ID does not belong to an active user', 'wp-api-jwt-auth'),
                array(
                 'status' => 403,
                )
           );
       }
       ```
   
 * Cheers!

The topic ‘Plugin Validates Tokens for Deleted Users’ is closed to new replies.

 * ![](https://ps.w.org/jwt-authentication-for-wp-rest-api/assets/icon-256x256.jpg?
   rev=3372068)
 * [JWT Authentication for WP REST API](https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/jwt-authentication-for-wp-rest-api/)
 * [Active Topics](https://wordpress.org/support/plugin/jwt-authentication-for-wp-rest-api/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/jwt-authentication-for-wp-rest-api/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/jwt-authentication-for-wp-rest-api/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [dominic_ks](https://wordpress.org/support/users/dominic_ks/)
 * Last activity: [7 years, 3 months ago](https://wordpress.org/support/topic/plugin-validates-tokens-for-deleted-users/)
 * Status: not resolved