Rest API Authentication

  • Resolved jachenry

    (@jachenry)


    5 years, 11 months ago

    Now that this plugin supports generating a new jwt based on the users email/password, do you have any plans for adding the ability to authenticate calls to the rest api endpoints?

    Currently we are using JWT Authentication for WP-API plugin for authenticating calls to the rest api endpoints but it’d be great to use your plugin for generating and authenticating jwts.

    Here is our workflow:

    Anonymous
    – Unauthenticated calls to rest api endpoints expose wordpress posts/pages as if an anonymous user was visiting the site
    – Authorization Bearer Header is NOT supplied to rest api calls making it so only public content is returned

    Authenticated
    – User authenticates via https://{{Domain}}/wp-json/jwt-auth/v1/token and is given a jwt (synonymous with your /auth endpoint)
    – Authorization Bearer Header is supplied to rest api calls allowing for json to include protected content. Middleware is in place to detect Authorization header and immediately set the user before proceeding.

    I believe the only thing your plugin is missing is the ability to set the user id prior to processing the rest endpoint. Is this correct or am I missing something?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Nicu Micle

    (@nicu_m)

    5 years, 11 months ago

    Hello,

    Thank you for suggesting new features to this plugin.

    To understand better, you want to set the userID ( create a user session, as the user is logged in in WordPress ) when you call the /auth endpoint?

    Best regards,
    Nicu.

    Thread Starter jachenry

    (@jachenry)

    5 years, 11 months ago

    Nicu –

    Not quite. I was wondering if you had any plans to work similar to https://github.com/WP-API/jwt-auth. Where in addition to providing an /auth endpoint for generating a jwt, you also intercept and validate jwt tokens supplied to the rest api endpoints.

    There are other plugins that already handle this sort of authentication like the link posted above. Just seems like the last piece needed to make your plugin the one stop shop for rest-api authentication. authentication/registration/single-sign-on.

    Jacob

    Plugin Author Nicu Micle

    (@nicu_m)

    5 years, 11 months ago

    Hello,

    I will have a look over what you have sent me and I will come back with updates.

    Best regards,
    Nicu.

    Plugin Author Nicu Micle

    (@nicu_m)

    5 years, 10 months ago

    Hello,

    I’ve just released version 2.2.5. In this version, it is included a beta version for accessing private content via API.

    Just update the plugin, go to general, check the checkbox for Allowing access to private content, and you will be able to make requests on private endpoints.

    Also, the JWT can be added in URL, session, cookie, or header.

    Let me know if this fits your needs.

    Best regards,
    Nicu.

    Thread Starter jachenry

    (@jachenry)

    5 years, 10 months ago

    Hey Nicu!

    I was able to verify this on one of my api endpoints. If jwt was supplied, the authenticated version of the content was returned.

    Thanks so much!

    Jacob

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Rest API Authentication’ is closed to new replies.