Based on their Joomla roles/capabilities, users can get access to the Joomla Dashboard and other REST APIs for that site.
Provides signature verification and validation along with JWT token validation, plus an option to select the signing algorithm used to validate the JWT token.
The default token expiry time is 1 hour. Using this feature, the admin can change the token expiry as required.
By default, all the Joomla REST APIs are protected. Using this feature, the admin can make some APIs publicly accessible without authentication.
By default, the Authorization header is used to authenticate requests. Using this feature, the admin can change the Authorization header to any other header.
If you want to protect your Joomla REST APIs (e.g. post, pages and other REST APIs) with users' login credentials or client-id:client-secret, then you can opt for this method. It is recommended that you use this method over HTTPS or Secure Sockets Layer (SSL).
If you want to protect your Joomla REST APIs from unauthenticated users but you don’t want to share users' login credentials or a client ID and secret to authenticate the REST API, then you can use API Key authentication, which generates a random authentication key for you. Using this key, you can authenticate any REST API on your site.
If you want to protect your REST APIs using a JWT token and you do not have a third-party provider that issues the JWT token, then you should go for the JWT Authentication method. In this case, our Joomla REST API Authentication itself issues the JWT token and works as an API Authenticator to protect your REST APIs.
If you want to protect your REST APIs using an access token and you do not have a third-party provider/identity provider, then you should go for the OAuth 2.0 Authentication method. In this scenario, our Joomla REST API Authentication works as both OAuth Server and API Authenticator to protect your REST APIs.
If you want to protect or restrict access to your Joomla REST APIs using your OAuth Provider/Identity Provider, then you should go for the Third Party Provider Authentication method. Here, you just need to configure the plugin with the Introspection Endpoint/User Info Endpoint provided by your Identity Provider, and you will be able to authenticate the API request using the token provided by your provider application.
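
The JWT checks described above (signature verification against a selected signing algorithm, and the 1-hour default expiry), shown as an added example that is not the plugin's own code. It assumes HMAC-signed tokens with a shared key; the names `issue`, `validate` and `expected_alg` are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Assumption: the selectable signing algorithms are the HMAC family.
ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
DEFAULT_TTL = 3600  # the 1-hour default expiry stated on the page


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(claims, key, alg="HS256", ttl=DEFAULT_TTL, now=None):
    """Issue a signed token whose exp is ttl seconds after iat."""
    now = int(time.time()) if now is None else now
    header = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps({**claims, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), ALGS[alg]).digest()
    return f"{header}.{body}.{_b64e(sig)}"


def validate(token, key, expected_alg="HS256", now=None):
    """Return the claims of a valid token, or raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64d(header_b64))
        sig = _b64d(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm to the configured one; never trust the header's
    # "alg" to choose the verifier (this is what rejects "alg": "none").
    if not isinstance(header, dict) or header.get("alg") != expected_alg:
        raise ValueError("algorithm mismatch")
    signed = f"{header_b64}.{body_b64}".encode()
    good = hmac.new(key, signed, ALGS[expected_alg]).digest()
    if not hmac.compare_digest(sig, good):  # constant-time comparison
        raise ValueError("bad signature")
    # Claims are parsed only after the signature has been verified.
    claims = json.loads(_b64d(body_b64))
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    return claims
```
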