WordPress login using JWT Token from any applications (WordPress SSO)

Steps to configure JWT Login (Single Sign-On) plugin

1. Create the JWT token based on WordPress user credentials (Create JWT Feature):

This feature will help you to create the JWT token based on WordPress user credentials. It also helps you authenticate your users on other apps trying to log in using WordPress credentials.

1.1 : Step to Create JWT

• Go to the miniOrange JWT Login plugin and select the Create JWT option from configuring JWT settings tab.

• As you can see, the JWT Security Settings section is auto-filled, but you can modify it according to your needs. Click Save Settings to save your changes.

• Scroll down, and you get the Create JWT API endpoint. Keep the API endpoint handy as it will require later to configure the postman.

1.2 : Test the Create JWT API endpoint using the Postman tool

• Using Postman, configure the API Endpoint you received from the previous step. In the body section, you must also include your WordPress username and password (see image below). Send the message by clicking the send button. Upon receiving the JWT token, you will be able to use it.

 Sample Example to request the user-based JWT

Request:POST https://<domain-name>/wp-json/api/v1/mo-jwt
Body:username = <wordpress username>
password = <wordpress password>

 
Sample curl Request Format-
curl -d "username=<wordpress_username>&password=<wordpress_password>"
-X POST http://<wp_base_url>/wp-json/api/v1/mo-jwt 

2. Register into WordPress using user registration API from any external platforms (Register User for JWT):

This feature will help you to create the user in WordPress via API and returns the user-based JWT token which can be used further for user login, deletion, etc .

2.1 : Step to Register user for jwt

• Go to the miniOrange JWT Login plugin and select the Register User for JWT option from configuring JWT settings tab.

• You will see the Role Mapping Settings section, where you can select the default role for the user using the Select Default Role option. From the dropdown list, select the role for your user and check the Allow 'role' parameter in the Register request box. Click on the Save Settings button.

• Scroll down, and you get the user registration API endpoint. Keep the API endpoint handy as it will require later to configure the postman.

2.2 : Test the Register user JWT API endpoint using the Postman tool

• Using Postman, configure the user registration API Endpoint you received from the previous step. In the body section, you must also include your WordPress username (see image below). Send the message by clicking the send button. You will receive the Jwt token.

• A user's role will be assigned to your WordPress site after they successfully receive the JWT token.

 Sample Example to request the user registration

Request:POST https://<domain-name>/wp-json/api/v1/mo-jwt-register            
Body:username = <wordpress username>
password(Optional) = <wordpress password>

 
Sample curl Request Format-
curl -d "username=<wordpress_username>&password=<wordpress_password>"
-X POST http://<wp_base_url>/wp-json/api/v1/mo-jwt-register 

3. Delete/Remove specific users from WordPress using the user based JWT token (Delete User with JWT)

This feature will help you to delete your users from WordPress via API endpoint using the user based JWT token.

3.1 : Step to Delete user with jwt

• Go to the miniOrange JWT Login plugin and select the Delete User with JWT option from configuring JWT settings tab. Click on save settings button.

• You will receive the Delete JWT API endpoint after saving your settings. Keep the endpoint handy for configuating the Postman later.

3.2 : Test the Delete user JWT API endpoint using the Postman tool

• Using Postman, configure the delete user API Endpoint you received from the previous step.In the body section, you must also include jwt-token of the user which you want to delete from the wordpress site and API key (optional) (see image below). Send the message by clicking the send button. You will receive the The user is deleted successfuly massage.

 Sample Example to request the user based JWT

Request:POST https://<domain-name>/wp-json/api/v1/mo-jwt-delete        
Body:jwt-token = <The jwt token of that whom you want to remove from WordPress>

 
Sample curl Request Format-
curl -d "jwt-token=<JWT_token>"
-X POST http://<wp_base_url>/wp-json/api/v1/mo-jwt-delete 

4. Sync user login session between multiple platforms(Login User with JWT) | SSO login in WordPress using token

This feature will help you to auto login (Single Sign On) your users in WordPress using the user based JWT token either created from the plugin or obtained from external identities like OAuth 2.0/OpenID Connect providers, Firebase etc.

4.1 : Step to Login User with JWT

• Go the plugin and select the Login User with JWT option and click on Save Settings button.

• In the Get JWT token from section, we support both Request URL Parameters and Cookies for enabling the plugin to identify the JWT token needed and then can be used further to validate and auto login user.

• You can auto redirect the user on login to homepage or on the same page/URL from where the autologin is initiated using User Redirection after Auto-login option.

• We support below JWT token validation Methods:
• Signing Key/Certificate Validation
• JWKS Validation
• OAuth/OIDC Validation


You can choose the Signing Algorithm HS256 or RS256 to sign the JWT using this method. Additionally, you can enter a key/certificate to decrypt the JWT in the Decryption key/certificate field.

Enter the Decryption key/certificate key and click on Save Settings button.

You can use this method to create the public keys for the JWT token and validate its signature by entering the JWKS endpoint.

By adding the OAuth Introspection/Userinfo Endpoint, Client ID, and Client Secret, you can use this method to determine whether the OAuth token is valid exists.

• Now, map the attributes in the attribute mapping section and click on the save button. This is the required feature to determine the user in WordPress and you need to map it to that attribute of the payload of the JWT token in which your user unique identity is coming like user id, username, email, etc.

• Scroll down and go to sample example section you can find the JWT URL parameter, keep the URL handy as we will require it later.

4.2 : Role Mapping Settings

In this section, you can assign roles based on a role attribute in the JWT token received.

You only need to follow these two steps to set the Role Mapping:

• Fill in the Attribute name in which you are receiving the Role of the user.
• Map the roles in the JWT token to the roles in WordPress and Click the Save Settings button.

 Test the login using JWT as URL parameter

• Visit your site URL on a private window, hit the user jwt token URL (example URL format: http://your-wordpress-domain?mo_jwt_token=<user-jwt-token>), and you will see that you have successfully logged in.