Skip to main content

Configuration

Server

You can access the Simple-JWT-Login API in two modes:

  • using permalink: 
    https://{domain}/wp-json/simple-jwt-login/v1/{endpoint}
  • using rest_route: 
    https://{domain}/?rest_route=/simple-jwt-login/v1/{endpoint}

Request Parameters

The request parameters can be sent as follows:

  • Form Data
  • Query parameters
  • Request body ( as JSON )

Examples

Sending JWT in header:

  curl -X POST "http://localhost/wp/v2/users" -H "Authorization: YOUR_JWT"

Sending JWT as query parameters:

  curl -X POST "http://localhost/wp/v2/users?jwt=YOUR_JWT"

or

  curl -X POST "http://localhost?rest_route=/wp/v2/users&jwt=YOUR_JWT"

Sending JWT as request body:

  curl -X POST "http://localhost/wp/v2/users" -H "Content-type: application/json" -d '{"JWT":"JYOUR JWT"}'

Configuration

  1. Go to “General section”
  2. Set a “JWT Decryption key”. With this key, we will validate your JWT.
  3. Choose “JWT Decryption algorithm”.
  4. Save Changes
caution

For security reasons, please make sure you use a complex decryption key and also include special characters in your decryption key.

Get JWT from option

By default, only the REQUEST is on. This means that the plugin will search in the request for the JWT.

Also, you set to search in:

  1. REQUEST ( plugin will search for the JWT key : &JWT=your_jwt)
  2. SESSION ( plugin will search for the simple-jwt-login-token key: $_SESSION['simple-jwt-login-token'])
  3. COOKIE ( plugin will search for the simple-jwt-login-token key: $_COOKIE['simple-jwt-login-token'])
  4. HEADER ( plugin will search in the Authorization header: Authorization: Bearer YOUR_JWT_HERE)

If JWT is provided in multiple places, the higher number of the option will overwrite the smaller one.

For example, let's say you will send a JWT in REQUEST and in HEADER. The JWT from HEADER will be used.

note

I recommend you to enable the HEADER option, and always send the JWT in the header.

Allow JWT usage on all endpoints

In order to use this feature, you will need to check "All WordPress endpoints checks for JWT authentication" in the "General" section. When a JWT is found, first, you will be authenticated as the user in the JWT, and then the call to the endpoint will be made.

For example, you can create posts, as a specific user, if you provide a JWT in your request.

curl -X POST "https://simplejwtlogin.com/wp-json/wp/v2/posts?content=PostContent&title=PostTitle" \
    -d '{"JWT":"YOUR_JWT_HERE"}'

or

curl -X POST "https://simplejwtlogin.com/wp-json/wp/v2/posts" \
    -H "Authorization: Bearer YOUR_JWT_HERE" \
    --form title="Title" \
    --form content="My content" \
    --form type="page"

For the second example, you need to make sure that you allow search for JWT in the header( you can set this in: General settings -> Get JWT token from )

note

When you pass the JWT parameter, it is not case-sensitive. You can also pass it as jwt.

General settings screenshot